Duplicate sshd-loginfo - How to configure right? - SSH

  1. Duplicate sshd-loginfo - How to configure right?

    Hi!

    I am trying to configure sshd version OpenSSH_3.7.1p2 so that it logs its
    info into a specific logfile instead of flooding the standard-message-file
    /var/log/messages. I found a posting that suggests to leave sshd_config
    at its default and modify syslog.conf instead. My recent configuration
    looks like

    /etc/ssh/sshd_config

    LogLevel INFO
    SyslogFacility AUTH

    /etc/syslog.conf

    auth.info /var/log/auth.log

    Now it seems that sshd does log authentication-details to
    /var/log/auth.log but still keeps on logging to /var/log/messages for I
    find the same line in both logfiles. Does someone see at first glance
    what I am doing wrong?

    Christian


  2. Re: Duplicate sshd-loginfo - How to configure right?

    >
    > Hi!
    > I am trying to configure sshd version OpenSSH_3.7.1p2 so that it logs its
    > info into a specific logfile instead of flooding the standard-message-file
    > /var/log/messages. I found a posting that suggests to leave sshd_config
    > at its default and modify syslog.conf instead. My recent configuration
    > looks like
    >
    > /etc/ssh/sshd_config
    >
    > LogLevel INFO
    > SyslogFacility AUTH
    >
    > /etc/syslog.conf
    >
    > auth.info /var/log/auth.log
    >
    > Now it seems that sshd does log authentication-details to
    > /var/log/auth.log but still keeps on logging to /var/log/messages for I
    > find the same line in both logfiles. Does someone see at first glance
    > what I am doing wrong?


    You must also configure syslog to *not* send those messages to /var/log/messages.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: Duplicate sshd-loginfo - How to configure right?

    Hey Richard,

    excellent idea. Logic is tricky ;-) Though I might get off topic I'd
    like to complete your answer by posting the last change I had to make
    at the very end of my

    /etc/syslog.conf

    #
    # save the rest in one file
    #
    *.*;mail.none;news.none;auth.!info /var/log/messages

    #
    # sshdlog et al
    #
    auth.info /var/log/auth.log

    That works like it is supposed to. Thanks!

    Best regards,

    Christian
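
Why the final syslog.conf stops the duplicates, as an added example that is not part of any post in this thread: a small Python model of selector matching that reports which files receive a given sshd message. It assumes sysklogd-style selector semantics (per-facility priority masks, later selectors overriding earlier ones), and the "before" catch-all line is an assumption, since the thread never shows it.

```python
# Added example: model of sysklogd-style selector matching (assumed semantics).
PRIS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACS = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
        "uucp", "cron", "authpriv", "ftp"]
ALL = (1 << len(PRIS)) - 1

def compile_selectors(field):
    """Turn 'fac.pri;fac.pri' into {facility: bitmask of accepted priorities}."""
    mask = {f: 0 for f in FACS}
    for sel in field.split(";"):          # later selectors modify earlier ones
        facs, pri = sel.rsplit(".", 1)
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        targets = FACS if facs == "*" else facs.split(",")
        for f in targets:
            if pri == "none":
                mask[f] = ALL if negate else 0
            elif pri == "*":
                mask[f] = 0 if negate else ALL
            else:
                n = PRIS.index(pri)
                # "info" means info and everything more severe, unless "=" is used
                bits = (1 << n) if exact else (1 << (n + 1)) - 1
                mask[f] = mask[f] & ~bits if negate else mask[f] | bits
    return mask

def destinations(rules, facility, priority):
    """Return the files that receive a message, in rule order."""
    bit = 1 << PRIS.index(priority)
    return [path for field, path in rules
            if compile_selectors(field)[facility] & bit]

# Assumed "before" catch-all: the thread's final line without auth.!info
BEFORE = [("*.*;mail.none;news.none", "/var/log/messages"),
          ("auth.info", "/var/log/auth.log")]
# Rules as posted in the last message of the thread
AFTER = [("*.*;mail.none;news.none;auth.!info", "/var/log/messages"),
         ("auth.info", "/var/log/auth.log")]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for pri in ("info", "debug"):
            print(name, "auth." + pri, "->", destinations(rules, "auth", pri))
```

Under this model, auth messages at debug priority still go to /var/log/messages with the final rule, because `auth.!info` only excludes info and more severe priorities.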

