Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Cygwin_openssh logging
Special Forums Windows & DOS: Issues & Discussions Cygwin_openssh logging Post 302985310 by jim mcnamara on Tuesday 8th of November 2016 08:08:32 AM
Old 11-08-2016
I'm confused. What problem are you trying to solve?
For example from the cygwin forums:
Quote:
Sshd (the daemon) logs by default on the Windows Event Application list, this
can be changed in the configuration (/etc/sshd_config) so that it can log using
syslog (a separate package not installed by default).

It also logs to wtmp, you can see who loged in and from where but entries are
not distinguishable from telnet/ftp/or any other logins.

One example of failed login in the event log (very common when somebody tries to
"break" into your computer) is (6 events):

The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local
computer may not have the necessary registry information or message DLL files to
display messages from a remote computer. You may be able to use the /AUXSOURCE=
flag to retrieve this description; see Help and Support for details. The
following information is part of the event: sshd : PID 2868 : Invalid user lidia
from 61.129.117.112.
If so, search the cygwin.com site for your problem. I am not an expert on cygwin authentication and logging. It is somewhat unlike other unixes.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Logging

I have a SCO R5 Open Server Box running at a remote location, and from time to time it seems to "spontaneously" re-boot itself. Is there a specific log file that I can examine to see why the machine is doing this ? Any suggestions gratefully appreciated (1 Reply)
Discussion started by: pcs7088
1 Replies

2. Shell Programming and Scripting

Logging

G'day Just wondering if anyone out there knows how to log files, using the example I provided in the earlier message / question earlier today: :confused: If I was to backup a file, how could I setup a log file to record the filename, date (This one I've got figured), and that the file was... (4 Replies)
Discussion started by: Aussie_Bloke
4 Replies

3. Cybersecurity

logging

is there a log/ how do i make a log that logs every packet inbound or outbound through my server? I want every packet or packet fragment to be logged that comes to my server. (5 Replies)
Discussion started by: The Fridgerator
5 Replies

4. UNIX for Dummies Questions & Answers

logging when someone changes to su

Is there a file that captures info whenever someone logs to su? i know it comes across as standard output on the server, but is it saved anywhere? Time and date info included?? thanks, kym (1 Reply)
Discussion started by: kymberm
1 Replies

5. UNIX for Dummies Questions & Answers

Asking about logging in

Hi, just wriiten a sh script and as my script will try to log into another server to delete some files but when i run , it keeps on saying that my files do not exist. It seems to refer to my local directory instead. Below is my script : FTP_HOST=ip_number FTP_USER="user password" ... (1 Reply)
Discussion started by: blueberry80
1 Replies

6. UNIX for Dummies Questions & Answers

need more logging

Hi all! On our current Solaris 8 machine we only have "standard" logging configured, and now i need to put on more. What i specificly need is time in the logfiles. Ex. When a user is logging in, when a user makes it self SU. etc. Regards... dOzY (3 Replies)
Discussion started by: dozy
3 Replies

7. Programming

Logging

Hi How to manage logging in an application. Actually I am developing a Client-Server application in c/c++ and want to manage an optional logging in my application, but since prior I have never done ths activity. Plz guide me. thanks. (2 Replies)
Discussion started by: sumsin
2 Replies

8. Post Here to Contact Site Administrators and Moderators

Constant Logging In (After Logging Out)

Hi Everyone. First, I want to thank all of you for letting me participate in this great group. I am having a bit of a problem. After I get an email from a responder, I login to make my reply. In the mean time I get another response by email from another member, I go to reply to them and I... (6 Replies)
Discussion started by: Ccccc
6 Replies

9. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

10. Windows & DOS: Issues & Discussions

Cygwin_openssh time stamps

I've installed cygwin_openssh on Windows 2012 R2 and it's working great. My issue is when a file is uploaded say from a different timezone, when it is uploaded, it doesnt pick up the sftp servers time.. Is there a way to fix that? i.e. When someone in PST uploads a file to this server in EST,... (0 Replies)
Discussion started by: MikeAdkins
0 Replies

LEARN ABOUT SUSE

audispd.conf

AUDISPD.CONF:(5)					  System Administration Utilities					  AUDISPD.CONF:(5)

NAME

       audispd.conf - the audit event dispatcher configuration file

DESCRIPTION

       audispd.conf is the file that controls the configuration of the audit event dispatcher. The options that are available are as follows:

       q_depth
	      This is a numeric value that tells how big to make the internal queue of the audit event dispatcher. A bigger queue lets it handle a
	      flood of events better, but could hold events that are not processed when the daemon is terminated. If you get  messages	in  syslog
	      about events getting dropped, increase this value. The default value is 80.

       overflow_action
	      This  option  determines how the daemon should react to overflowing its internal queue. When this happens, it means that more events
	      are being received than it can get rid of. This error means that it is going to lose the current event its trying  to  dispatch.	It
	      has  the	following  choices:  ignore, syslog, suspend, single, and halt.  If set to ignore, the audisp daemon does nothing.  syslog
	      means that it will issue a warning to syslog.  suspend will cause the audisp daemon to stop processing events. The daemon will still
	      be alive. The single option will cause the audisp daemon to put the computer system in single user mode.	halt option will cause the
	      audisp daemon to shutdown the computer system.

       priority_boost
	      This is a non-negative number that tells the audit event dispatcher how much of a priority boost it should take. This  boost  is	in
	      addition to the boost provided from the audit daemon. The default is 4. No change is 0.

       max_restarts
	      This  is	a  non-negative  number  that  tells the audit event dispatcher how many times it can try to restart a crashed plugin. The
	      default is 10.

       name_format
	      This option controls how computer node names are inserted into the audit event stream. It has the following choices: none, hostname,
	      fqd,  numeric,  and  user.  None means that no computer name is inserted into the audit event.  hostname is the name returned by the
	      gethostname syscall. The fqd means that it takes the hostname and resolves it with dns for a fully qualified  domain  name  of  that
	      machine.	Numeric is similar to fqd except it resolves the IP address of the machine.  User is an admin defined string from the name
	      option. The default value is none.

       name   This is the admin defined string that identifies the machine if user is given as the name_format option.

SEE ALSO

       audispd(8)

Red Hat 							     Jan 2008							  AUDISPD.CONF:(5)
All times are GMT -4. The time now is 08:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy