Re: Configuring SFTP logging in a chrooted environment (492 Views)
Frequent Advisor
KathyL1
Posts: 58
Registered: 02-17-2005
Message 1 of 3 (528 Views)

Configuring SFTP logging in a chrooted environment

I implemented the logging method described in the earlier topic on this subject, and I also implemented the logging method described in the document referred to in the first post of that topic ("How to Configure SFTP Logging in a Chrooted Environment"), but I cannot get either logging method to work.

When I implement the first logging method, I do not get any errors, but there is also no information logged in either /var/adm/syslog/syslog.log or /var/adm/syslog/local4.log in relation to file transfers.

When I implement the second logging method, the '/newroot/var/adm/syslog/local7-info.log' file is not created and the following error message is logged in the /newroot/var/adm/syslog/syslog.log file:

Oct  3 00:24:50 3F:hostname can't open /dev/klog

My servers are running HP-UX 11.31 (September 2011 update) with SecureShell A.05.08.004 and I'm using WinSCP for SFTP access from a Windows computer.

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: 12-02-2001
Message 2 of 3 (509 Views)

Re: Configuring SFTP logging in a chrooted environment

Traditionally, syslogd never creates any new log files: it only appends to existing log files. This is probably to protect against accidentally overwriting important logs if multiple copies of syslogd are started accidentally or some malicious trickery is going on. Run "touch /newroot/var/adm/syslog/local7-info.log" to create the file, and assign it suitable ownership and permissions.

The "can't open /dev/klog" message is harmless in this situation: the syslogd is attempting to connect to /dev/klog in order to receive kernel log messages, but there is no need to have that device node within the chroot. You might get rid of that message by creating an empty file at /newroot/dev/klog.

The method suggested by grahamswilson in the earlier topic you mentioned looks promising, but remember that it will only work if the "magic cat" command is running - and that process must run with the real root filesystem, not within the chroot.

MK
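
Following the advice in the reply above to create log files before syslogd writes to them, this added example (not part of the thread and not HP tooling) lists the file destinations in a chrooted syslog.conf that do not yet exist under the chroot, and can create them. It assumes the chrooted syslogd reads `<root>/etc/syslog.conf`; the function names, the 0640 mode and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: find log-file destinations named in a chrooted syslog.conf
# that do not exist yet under the chroot.
# Assumptions: the config is <root>/etc/syslog.conf, each rule is
# "selector<whitespace>action", and file actions start with "/".

# Print each file destination in the given config, one path per line.
syslog_file_targets() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }                    # comments, blank lines
        $NF ~ /^\// && $NF !~ /^\/dev\// { print $NF }  # files, not devices
    ' "$1" | sort -u
}

# Print the chroot-relative destinations that are missing under <root>.
missing_syslog_targets() {
    root=${1%/}
    syslog_file_targets "$root/etc/syslog.conf" | while IFS= read -r path; do
        [ -f "$root$path" ] || printf '%s\n' "$path"
    done
}

# Create each missing destination. Mode 0640 is an assumed policy; set
# ownership separately to suit the site.
create_missing_syslog_targets() {
    root=${1%/}
    missing_syslog_targets "$root" | while IFS= read -r path; do
        mkdir -p "$(dirname "$root$path")" &&
        ( umask 027 && : > "$root$path" ) &&
        printf 'created %s\n' "$root$path"
    done
}

# Build a constructed sample chroot tree for a dry run; prints its path.
make_sample_chroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/var/adm/syslog"
    : > "$d/var/adm/syslog/mail.log"      # one destination already exists
    cat > "$d/etc/syslog.conf" <<'EOF'
# constructed sample rules
mail.debug      /var/adm/syslog/mail.log
local7.info     /var/adm/syslog/local7-info.log
*.alert         /dev/console
*.emerg         *
EOF
    printf '%s\n' "$d"
}
```

Run `missing_syslog_targets /newroot` first to see what would be created; syslogd still has to be signalled or restarted to reopen its files afterwards.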
Frequent Advisor
KathyL1
Posts: 58
Registered: 02-17-2005
Message 3 of 3 (492 Views)

Re: Configuring SFTP logging in a chrooted environment

> Traditionally, syslogd never creates any new log files: it only appends to existing log files.

My environment is 11iv3 September 2011, and according to the syslogd man page from September 2010 (attached), the log file is created if it does not already exist. That said, I've manually created the necessary log files (and assigned the appropriate permissions) in both the real and chrooted filesystems, but it hasn't made any difference.

> The method suggested by grahamswilson ... will only work if the "magic cat" command is running

The cat command is definitely running (with all output directed to /dev/log).
