04-11-2006
In MY /etc/syslog.conf, I have something telling the 'AUTH' messages where to 'go':
auth.info <tab><tab><tab> ifdef(`LOGHOST', /var/log/authlog, @loghost)
If I do NOT have the machine 'loghost' defined on my network, AND I want all my 'logs' written locally,
I add an "alias" for 'THIS' machine as loghost in /etc/hosts.
If you have an entry in /etc/hosts for your machine that looks like this:
10.232.232.123 myhost.mydomain.com myhost
Then ADD 'loghost' to make the entry look like:
10.232.232.123 myhost.mydomain.com myhost loghost
THAT way, all your logs will stay on 'this' machine.
This should also work for you. Make SURE the 'whitespace' between columns is TABS, not 'spaces'.
There should be *NO* spaces between columns in /etc/syslog.conf.
Also, I do a:
touch /var/log/authlog
To make sure the file is there for syslog to write to, although I am NOT sure if this is necessary.
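Added example, not part of the original post: a small POSIX shell lint for the two pitfalls described above, spaces instead of tabs between selector and action in syslog.conf, and a missing `loghost` alias in the hosts file. The function names, the temporary files and the `mail.debug` line are constructed for illustration; run it against copies of your own files.

```sh
#!/bin/sh
# Added example: lint copies of syslog.conf and hosts for the two pitfalls above.

# Report rule lines whose gap between selector and action contains a space.
# Returns 0 when every rule line is tab-separated, 1 otherwise.
check_syslog_tabs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^(ifdef\(|\))/ { next }                 # m4 block open/close lines
        {
            if (!match($0, /^[^ \t]+[ \t]+/)) {  # no selector + separator found
                printf "%d: malformed rule: %s\n", NR, $0; bad = 1; next
            }
            gap = substr($0, 1, RLENGTH)
            sub(/^[^ \t]+/, "", gap)             # keep only the separator
            if (gap ~ / /) { printf "%d: space in separator: %s\n", NR, $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the address of the first hosts entry carrying the alias "loghost";
# returns 1 when no entry has it.
loghost_addr() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        { for (i = 2; i <= NF; i++) if ($i == "loghost") { print $1; found = 1; exit } }
        END { exit !found }
    ' "$1"
}

# Constructed sample files (values from the post, second rule line invented).
d=$(mktemp -d)
printf '%s\t\t\t%s\n' 'auth.info' "ifdef(\`LOGHOST', /var/log/authlog, @loghost)" > "$d/syslog.conf"
printf '%s   %s\n' 'mail.debug' '/var/log/syslog' >> "$d/syslog.conf"   # spaces: flagged
printf '10.232.232.123\tmyhost.mydomain.com\tmyhost\tloghost\n' > "$d/hosts"

check_syslog_tabs "$d/syslog.conf" || echo "fix the lines above: use tabs"
loghost_addr "$d/hosts" || echo "no loghost alias in hosts file"
rm -rf "$d"
```

If `loghost_addr` fails and no host named `loghost` exists on the network, the `@loghost` branch of the `ifdef` has nowhere to deliver the auth messages.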
SYSTEMD-JOURNALD.SERVICE(8) systemd-journald.service SYSTEMD-JOURNALD.SERVICE(8)
NAME
systemd-journald.service, systemd-journald.socket, systemd-journald - Journal service
SYNOPSIS
systemd-journald.service
systemd-journald.socket
/usr/lib/systemd/systemd-journald
DESCRIPTION
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on
logging information that is received from the kernel, from user processes via the libc syslog(3) call, from STDOUT/STDERR of system
services or via its native API. It will implicitly collect numerous metadata fields for each log message in a secure and unfakeable way.
See systemd.journal-fields(7) for more information about the collected meta data.
Log data collected by the journal is primarily text-based but can also include binary data where necessary. All objects stored in the
journal can be up to 2^64-1 bytes in size.
By default, the journal stores log data in /run/log/journal/. Since /run/ is volatile, log data is lost at reboot. To make the data
persistent, it is sufficient to create /var/log/journal/ where systemd-journald will then store the data.
systemd-journald will forward all received log messages to the AF_UNIX/SOCK_DGRAM socket /run/systemd/journal/syslog, if it exists, which
may be used by Unix syslog daemons to process the data further.
See journald.conf(5) for information about the configuration of this service.
SIGNALS
SIGUSR1
Request that journal data from /run/ is flushed to /var/ in order to make it persistent (if this is enabled). This must be used after
/var/ is mounted, as otherwise log data from /run is never flushed to /var regardless of the configuration.
SIGUSR2
Request immediate rotation of the journal files.
KERNEL COMMAND LINE
A few configuration parameters from journald.conf may be overridden on the kernel command line:
systemd.journald.forward_to_syslog=, systemd.journald.forward_to_kmsg=, systemd.journald.forward_to_console=
Enables/disables forwarding of collected log messages to syslog, the kernel log buffer or the system console.
See journald.conf(5) for information about these settings.
ACCESS CONTROL
Journal files are, by default, owned and readable by the "systemd-journal" system group but are not writable. Adding a user to this group
thus enables her/him to read the journal files.
By default, each logged in user will get her/his own set of journal files in /var/log/journal/. These files will not be owned by the user,
however, in order to avoid that the user can write to them directly. Instead, file system ACLs are used to ensure the user gets read access
only.
Additional users and groups may be granted access to journal files via file system access control lists (ACL). Distributions and
administrators may choose to grant read access to all members of the "wheel" and "adm" system groups with a command such as the following:
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
Note that this command will update the ACLs both for existing journal files and for future journal files created in the /var/log/journal/
directory.
FILES
/etc/systemd/journald.conf
Configure systemd-journald behaviour. See journald.conf(5).
/run/log/journal/machine-id/*.journal, /run/log/journal/machine-id/*.journal~, /var/log/journal/machine-id/*.journal,
/var/log/journal/machine-id/*.journal~
systemd-journald writes entries to files in /run/log/journal/machine-id/ or /var/log/journal/machine-id/ with the ".journal" suffix. If
the daemon is stopped uncleanly, or if the files are found to be corrupted, they are renamed using the ".journal~" suffix, and
systemd-journald starts writing to a new file. /run is used when /var/log/journal is not available, or when Storage=volatile is set in
the journald.conf(5) configuration file.
SEE ALSO
systemd(1), journalctl(1), journald.conf(5), systemd.journal-fields(7), sd-journal(3), setfacl(1), pydoc systemd.journal.
systemd 208 SYSTEMD-JOURNALD.SERVICE(8)