REPOST: SysLogFacility - SSH

This is a discussion on REPOST: SysLogFacility - SSH ; Then man page for sshd_config lists all the possible values SysLogFacility but doesn't detail what they do. Is that information available somewhere? Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows workstation. I want to log failed connection attempts to a ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: REPOST: SysLogFacility

  1. REPOST: SysLogFacility

    Then man page for sshd_config lists all the possible values
    SysLogFacility but doesn't detail what they do. Is that information
    available somewhere?

    Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows
    workstation. I want to log failed connection attempts to a file, not the
    windows event system. How do I do it?

    Thanks.

  2. Re: REPOST: SysLogFacility

    On Fri, 14 Apr 2006 13:19:37 +0000, Chuck wrote:

    > Then man page for sshd_config lists all the possible values
    > SysLogFacility but doesn't detail what they do. Is that information
    > available somewhere?
    >
    > Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows
    > workstation. I want to log failed connection attempts to a file, not the
    > windows event system. How do I do it?
    >
    > Thanks.


    They specify what 'facility' or category the generated syslog entries are
    sent as. It is a syslog thing. man syslog.conf for more info.

    JohnK

  3. Re: REPOST: SysLogFacility

    JohnK wrote:
    > On Fri, 14 Apr 2006 13:19:37 +0000, Chuck wrote:
    >
    >> Then man page for sshd_config lists all the possible values
    >> SysLogFacility but doesn't detail what they do. Is that information
    >> available somewhere?
    >>
    >> Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows
    >> workstation. I want to log failed connection attempts to a file, not the
    >> windows event system. How do I do it?
    >>
    >> Thanks.

    >
    > They specify what 'facility' or category the generated syslog entries are
    > sent as. It is a syslog thing. man syslog.conf for more info.
    >
    > JohnK


    I'm running the daemon in Cygwin as a service. By default
    SysLogFacility is set to AUTH which sends the log to the windows event
    system. I want it in an actual text file that I can analyze with a shell
    script. Will one of those settings do that?

  4. Re: REPOST: SysLogFacility

    On Mon, 17 Apr 2006 14:01:23 +0000, Chuck wrote:
    > I'm running the daemon in Cygwin as a service. By default
    > SysLogFacility is set to AUTH which sends the log to the windows event
    > system. I want it in an actual text file that I can analyze with a shell
    > script. Will one of those settings do that?


    I've no idea how Cygwin would handle other facilities. In Unix you would
    specify a file for those particular entries in syslog.conf. Again - that
    functionality is usually a syslog thing, not sshd.

    JohnK

  5. Re: REPOST: SysLogFacility

    On Sat, 15 Apr 2006 09:26:14 +0100, JohnK wrote:

    > On Fri, 14 Apr 2006 13:19:37 +0000, Chuck wrote:
    >
    >> Then man page for sshd_config lists all the possible values
    >> SysLogFacility but doesn't detail what they do. Is that information
    >> available somewhere?
    >>
    >> Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows
    >> workstation. I want to log failed connection attempts to a file, not the
    >> windows event system. How do I do it?
    >>
    >> Thanks.

    >
    > They specify what 'facility' or category the generated syslog entries are
    > sent as. It is a syslog thing. man syslog.conf for more info.


    The fact that these are syslog facilities doesn't change the fact that the
    doc isn't saying what gets logged via which facility.

    However, because it's syslog, it's probably organized as a list with a
    beginning and an end. One end of the list logs nothing or next to
    nothing; the other end logs "everything".



  6. Re: REPOST: SysLogFacility

    In article Dan
    Stromberg writes:
    >On Sat, 15 Apr 2006 09:26:14 +0100, JohnK wrote:
    >
    >> On Fri, 14 Apr 2006 13:19:37 +0000, Chuck wrote:
    >>
    >>> Then man page for sshd_config lists all the possible values
    >>> SysLogFacility but doesn't detail what they do. Is that information
    >>> available somewhere?
    >>>
    >>> Specifically I'm running CopSSH (Cygwin/OpenSSH) on a Windows
    >>> workstation. I want to log failed connection attempts to a file, not the
    >>> windows event system. How do I do it?
    >>>
    >>> Thanks.

    >>
    >> They specify what 'facility' or category the generated syslog entries are
    >> sent as. It is a syslog thing. man syslog.conf for more info.

    >
    >The fact that these are syslog facilities doesn't change the fact that the
    >doc isn't saying what gets logged via which facility.


    Did you really do the 'man syslog.conf'? The facility is just a tag to
    indicate what part of the system generated the message (to be able to
    e.g. split logging into different files at the syslog server), changing
    it doesn't affect what gets logged. And since only one facility can be
    set, all sshd's logging will be done via that facility - this is the
    norm for Unix daemons (and also makes sense given the purpose of the
    facility tag).

    >However, because it's syslog, it's probably organized as a list with a
    >beginning and an end. One end of the list logs nothing or next to
    >nothing; the other end logs "everything".


    You're probably thinking of the 'priority' part, which will indeed
    typically vary between messages logged by a given daemon. I'm not aware
    of any documentation of which messages get logged at which priority by
    sshd, nor in fact of which messages get logged at all. This is also the
    norm for Unix daemons.:-)

    --Per Hedeland
    per@hedeland.org

+ Reply to Thread