On Sun, May 04, 2008 at 10:30:29AM -0700, john wrote:
> > What exact steps have you taken to accomplish what Damien proposed?

>
> Yes sorry Dan, I should have been specific.
>
> I created a file in my chroot root called /home/dev/auth.log
>
> Then I edited syslogd to write auth log to that location and
> restarted syslogd.


Aha. No, it has to be the other way around.

Create a /home/dev/log pipe/socket and make syslogd listen there in
addition to the regular /dev/log


> I commented out my chroot in sshd_config and confirmed that sftp
> file transactions were being logged in /home/dev/auth.log


The log file itself can and should probably not be inside the chroot.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev