How to enable logging to the sshd.log file in Windows? (Using SSH in Cygwin) - SSH


  1. How to enable logging to the sshd.log file in Windows? (Using SSH in Cygwin)

    Hi all,

    I have set SSH up on my Windows XP Home Edition computer some time
    ago. I wanted to be able to log all incoming and outgoing SSH
    traffic / commands issued to the server to a file. Currently, SSH is
    logging to Windows and the log can be viewed from Windows Event Viewer.
    This is not what I want and I was hoping to sort of 're-direct' the
    data to a log file somewhere (like say the sshd.log file which isn't
    being used at the moment). I am unable to find a guide on this at all,
    nor did I find a solution that solved my problem in this group,
    and I hope someone can help me. Thanks in advance!


  2. Re: How to enable logging to the sshd.log file in Windows? (Using SSH in Cygwin)

    On Sep 25, 9:06 pm, Skylive! wrote:

    > I have set SSH up on my Windows XP Home Edition computer some time
    > ago. I wanted to be able to log all incoming and outgoing SSH
    > traffic / commands issued to the server to a file. Currently, SSH is
    > logging to Windows and the log can be viewed from Windows Event Viewer.
    > This is not what I want and I was hoping to sort of 're-direct' the
    > data to a log file somewhere (like say the sshd.log file which isn't
    > being used at the moment). I am unable to find a guide on this at all,
    > nor did I find a solution that solved my problem in this group,
    > and I hope someone can help me. Thanks in advance!


    First install syslog-ng (or syslog which comes with inet-utils). Sshd
    will start using /var/log/messages instead of the Windows event list.

    Second, change sshd_config to use "SyslogFacility LOCAL5" or similar
    instead of AUTH.

    Last, configure syslog-ng.conf creating a filter for local5 and
    directing the log to whatever file you want.

    Untested, but it should work.
    --
    René Berber


  3. Re: How to enable logging to the sshd.log file in Windows? (Using SSH in Cygwin)

    Thank you, René!
    I have long waited for this info.
    I had to figure out some details, which aren't self-explanatory, so I am
    adding them to the description.

    René Berber wrote:

    > On Sep 25, 9:06 pm, Skylive! wrote:
    >
    > > I have set SSH up on my Windows XP Home Edition computer some time
    > > ago. I wanted to be able to log all incoming and outgoing SSH
    > > traffic / commands issued to the server to a file. Currently, SSH is
    > > logging to Windows and the log can be viewed from Windows Event Viewer.
    > > This is not what I want and I was hoping to sort of 're-direct' the
    > > data to a log file somewhere (like say the sshd.log file which isn't
    > > being used at the moment). I am unable to find a guide on this at all,
    > > nor did I find a solution that solved my problem in this group,
    > > and I hope someone can help me. Thanks in advance!
    >
    > First install syslog-ng (or syslog which comes with inet-utils).

    This means:
    - Install syslog-ng using Cygwin setup. It is in group "Admin".
    - Run the script /bin/syslog-ng-config

    > Second, change sshd_config to use "SyslogFacility LOCAL5" or similar
    > instead of AUTH.


    Then, make syslog-ng start automatically at each system boot by issuing
    the commands
    cygrunsrv -I syslog-ng -p /usr/sbin/syslog-ng
    cygrunsrv -S syslog-ng

    > Last, configure syslog-ng.conf creating a filter for local5 and
    > directing the log to whatever file you want.


    I did not need this. Logging goes into /var/log/messages.


    --
    Wilfried Hennings
    please reply in the newsgroup, the e-mail address is invalid
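
The configuration the replies above describe, written out as an added example (not from either poster). The source name `s_local`, the filter and destination names, and the path /var/log/sshd.log are assumptions to adapt to your own syslog-ng.conf.

```conf
# --- sshd_config: one line changed, then restart sshd ---
#   SyslogFacility LOCAL5
#
# --- syslog-ng.conf: add to the existing file ---
# ASSUMPTION: "s_local" stands for the source that already reads /dev/log
# in your syslog-ng.conf; use the name defined in your own file.

# Match only messages tagged with the facility sshd now uses.
filter f_sshd { facility(local5); };

# Dedicated sshd log. The path is an example; perm(0600) keeps login
# records (user names, source addresses) unreadable to other accounts.
destination d_sshd { file("/var/log/sshd.log" perm(0600)); };

# Place this statement BEFORE the catch-all log statement that writes
# /var/log/messages: flags(final) stops further processing of matching
# messages, so sshd entries are not duplicated there.
log { source(s_local); filter(f_sshd); destination(d_sshd); flags(final); };
```

Restart both sshd and syslog-ng after editing so each re-reads its configuration.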
