From owner-freebsd-questions Wed Jan 12 12:29:43 2000 Delivered-To: freebsd-questions@freebsd.org Received: from trinity.lee.net (trinity.lee.net [208.229.121.1]) by hub.freebsd.org (Postfix) with ESMTP id 6AC9B15186 for ; Wed, 12 Jan 2000 12:29:34 -0800 (PST) (envelope-from awells@journalstar.com) Received: from journalstar.com (leepcD-073.sub-d.lee.net [208.205.127.73]) by trinity.lee.net (8.9.1/8.9.0) with ESMTP id OAA05123; Wed, 12 Jan 2000 14:29:21 -0600 Message-ID: <387CE495.DA11DB1B@journalstar.com> Date: Wed, 12 Jan 2000 14:31:17 -0600 From: Tony Wells X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.0-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Richard Nyberg Cc: freebsd-questions@FreeBSD.ORG Subject: Re: sshd and syslogd References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thanks to everyone for their help. I can now see log messages from sshd. Richard Nyberg wrote: > > You have to put the 'auth.*'line somwhere above the '!startslip' > line. The lines beginning with '!' starts a new section. > You can also try to log authpriv.* messages. > > If the file authlog doesn't already exist you must create it before > syslog can use it. Just do 'touch /var/log/authlog'. > > /Richard > > Tony Wells wrote: > > > I tried what you suggested, but still don't see messages from sshd in > > /var/log/authlog; I still see login failures from telnet in > > /var/log/messages. I rebooted the machine after I made the changes just > > to make sure everybody read the changed config files. > ~> Could I have a conflict in syslog.conf? The contents of > syslog.conf are > > listed below: > > > > # $FreeBSD: src/etc/syslog.conf,v 1.9.2.1 1999/08/29 14:19:02 peter Exp > > $ > > # > > # Spaces are NOT valid field separators in this file. > > # Consult the syslog.conf(5) manpage. > > *.err;kern.debug;auth.notice;mail.crit /dev/console > > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > > mail.info /var/log/maillog > > lpr.info /var/log/lpd-errs > > cron.* /var/cron/log > > *.err root > > *.notice;news.err root > > *.alert root > > *.emerg * > > # uncomment these if you're running inn > > # news.crit /var/log/news/news.crit > > # news.err /var/log/news/news.err > > # news.notice > > /var/log/news/news.notice > > !startslip > > *.* /var/log/slip.log > > !ppp > > *.* /var/log/ppp.log > > auth.* /var/log/authlog > > > > Richard Nyberg wrote: > > > > > > My configuration: > > > > > > In sshd_config: > > > > > > SyslogFacility AUTH > > > > > > In syslog.conf: > > > > > > auth.* /var/log/authlog > > > > > > This puts all sshd messages _and_ all other auth messages in > > > /var/log/authlog > > > > > > /Richard Nyberg > > > > > > > Does anyone know the magic to get sshd to log to /var/log/messages via > > > > syslogd? I'm most interested in seeing the cause of failed connections. > > > > > > > > TIA > > > > Tony Wells > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message