no sshd log


 
Thread Tools Search this Thread
Operating Systems Solaris no sshd log
# 1  
Old 03-29-2006
no sshd log

[solaris x86.]

My ssh log appear to the screen which i want it to be log to /var/log/sshd.log

how to log the sshd to /var/log?
# 2  
Old 03-29-2006
use syslog from this file /etc/syslog.conf

http://www.cert.org/security-improve...s/i041.12.html
# 3  
Old 03-30-2006
I try to test as the link but couldnt works...my configuration as below

this is my syslog.conf

Code:
bash-2.03$ vi /etc/syslog.conf 
"/etc/syslog.conf" [Read only] 37 lines, 1035 characters 
#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines w{ll use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
)


and this part of my sshd_config

Code:
# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

and in my /var/log only contain this:
bash-2.03# ls -l
total 4
-rw------- 1 root sys 0 Mar 28 15:18 authlog
-rw-r--r-- 1 root sys 1357 Mar 30 10:00 syslog
bash-2.03#
# 4  
Old 03-30-2006
Bug

any idea?..........................
# 5  
Old 04-11-2006
In MY /etc/syslog.conf, I have something telling the 'AUTH' messages where to 'go':

auth.info <tab><tab><tab> ifdef(`LOGHOST', /var/log/authlog, @loghost)

If I do NOT have the machine 'loghost' defined on my network, AND I want all my 'logs' written locally,
I add an "alias" for 'THIS' machine as loghost in /etc/hosts.

If you have an entry in /etc/hosts for your machine that looks like this:

10.232.232.123 myhost.mydomain.com myhost

Then ADD 'loghost' to make the entry look like:

10.232.232.123 myhost.mydomain.com myhost loghost

THAT way, all your logs will stay on 'this' machine.

This should also work for you. Make SURE the 'whitespace' between columns are TABS, not 'spaces'.
There should be *NO* spaces between columns in /etc/syslog.conf.

Also, I do a:

touch /var/log/authlog

To make sure the file is there for syslog to write to, although I am NOT sure if this is necessary.
# 6  
Old 04-01-2009
auth.info + restart

just add the following line into the /etc/syslog.conf

auth.info /var/log/authlog

and restart syslog service by
svcadm restart svc:/system/system-log:default
after that you may test ssh connections and their log
should be in /var/log/authlog Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Sshd - error

Hi, Do you know what cause the error message ? Nov 19 13:42:19 cfsasnd02 sshd: pam_env(sshd:setcred): non-alphanumeric key '-- /etc/environment' in /etc/environment', ignoring Nov 19 13:42:20 cfsasnd02 sshd: pam_env(sshd:setcred): non-alphanumeric key '-- /etc/environment' in... (0 Replies)
Discussion started by: xitrum
0 Replies

2. UNIX for Advanced & Expert Users

SSHD config in Suse

Hi there I was wondering, is there anyway I can change the appearance of sshd logs output in /var/log/sshderr.log and /var/log/sshd.log. Right now, its showing as such: sshd: error: PAM: Authentication failure for it.sysadm from cijXXX.jp.mitsubishi-motors.com sshd: Accepted... (10 Replies)
Discussion started by: hedkandi
10 Replies

3. Solaris

pam sshd error

Hi I wanted to convert my pam libraries to 64 bit. so recently compiled my pam_banner and pam_wheel to 64 bit. I got the following error... sshd: dlsym failed pam_sm_authenticate:error ld.so.1 : sshd fatal: pam_sm_authenticate: can't find symbol thnaks (8 Replies)
Discussion started by: chinchao
8 Replies

4. Solaris

sshd and loginlog

I have shamelessly tried all the possible ways to see if my /var/adm/loginlog logs user access entries for ssh but nothing has worked for me so far..:confused: for telnet login its working fine. Adding auth.info in syslog.conf works but i dont want that output. Is there any way to edit... (2 Replies)
Discussion started by: ningy
2 Replies

5. Solaris

sshd not able to restart

Hi, I was able to putty a few server (Solaris 10) of mine using hostname, but when i change to ip address, it shows login as: root Using keyboard-interactive authentication. Password: Access denied I change PermitRootLogin to yes. I tried to do a sshd restart, however ... (6 Replies)
Discussion started by: beginningDBA
6 Replies

6. AIX

SSHD does not start

I installed OpenSSH on AIX 5.1 but when I try to start it, it says: bash-2.05a# /usr/sbin/sshd bash-2.05a# bash-2.05a# tail /var/adm/syslog.out Jan 8 11:52:22 xyz sshd: fatal: Cannot bind any address. :confused: (31 Replies)
Discussion started by: untamed
31 Replies

7. UNIX for Dummies Questions & Answers

sshd question

Can someone tell me the difference between the (2) listed below: oracle pts/1 ip1 May1 7:11 9:11 oracle sshd ip1 May1 7:11 8:22 How do I read the above information, the fact that the row for pts/1 has a longer time duration than the row for sshd. Why is the... (2 Replies)
Discussion started by: banyan
2 Replies

8. AIX

It helps in the sshd on sshd.log

Friends, I made the installation of the ssh in the it conspires, I configured in the ssh_config the following parameters.. SyslogFacility AUTH LogLevel INFO that should generate sshd.log in the /var/log.... more no this generating. Somebody could help myself in... (0 Replies)
Discussion started by: sandba
0 Replies

9. AIX

sshd restart

need some clarification: if i ssh to the server & i restart the sshd process, did my connection gone? one more thing, there are a few sshd processes in aix, how do i restart it all to read new config? using HUP? thanks in advance! (2 Replies)
Discussion started by: ashterix
2 Replies

10. UNIX for Dummies Questions & Answers

sshd

i just downloaded and installed succesfully openssh server, and am running it on netbsd 1.5, i can not login with anyuser, i enabled root login just to see what happens and i can login as root, but no other user, i checked my config and most things are default, whats going on? has any one else had... (2 Replies)
Discussion started by: norsk hedensk
2 Replies
Login or Register to Ask a Question