On Sun, May 04, 2008 at 10:30:29AM -0700, john wrote:
> > What exact steps have you taken to accomplish what Damien proposed?

> Yes sorry Dan, I should have been specific.
> I created a file in my chroot root called /home/dev/auth.log
> Then I edited syslogd to write auth log to that location and
> restarted syslogd.

Aha. No, it has to be the other way around.

Create a /home/dev/log pipe/socket and make syslogd listen there in
addition to the regular /dev/log

> I commented out my chroot in sshd_config and confirmed that sftp
> file transactions were being logged in /home/dev/auth.log

The log file itself can and should probably not be inside the chroot.

openssh-unix-dev mailing list