Redirect ssh messages (238 Views)
Reply
Advisor
Andy Benegas
Posts: 18
Registered: ‎10-05-1999
Message 1 of 4 (238 Views)
Accepted Solution

Redirect ssh messages

I am running HP-UX 11.31 and trying to redirect ssh messages from the syslog.log to sshlog.log. From a forum discussion I tried the following:

 

(1) Enable the following lines in /opt/ssh/etc/sshd_config:

SyslogFacility AUTH
LogLevel INFO

(2) Stop sshd using the command /sbin/init.d/secsh stop

(3) Start sshd using the command /sbin/init.d/secsh start

(4) Add the following line to /etc/syslog.conf:

auth.info;mail.none /var/adm/syslog/sshd.log

(5) Change this line in /etc/syslog.conf:
from:
*.info;mail.none /var/adm/syslog/syslog.log

to:
*.info;auth.none;mail.none /var/adm/syslog/syslog.log

(6) Stop syslogd using the command /sbin/init.d/syslogd stop

(7) Start syslogd using the command /sbin/init.d/syslogd start

 

The ssh messages are no longer appearing in the syslog.log but I do not see the ssh.log. Are the steps I performed valid for HP-UX 11.31? Is there something wrong with the steps I performed?

Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,714
Registered: ‎06-21-2000
Message 2 of 4 (227 Views)

Re: Redirect ssh messages

Your steps sound good and are similar to one of the test systems I have access to.

 

The one caveat is your syslog.conf file.  When you added the line for 'auth.info' did you hit the TAB key before specifying the file name?  If not, that is your problem.  The fields in syslog.conf **MUST** be separated by a TAB and nothing else.

 

Your line should be:

 

auth.info;mail.none<hit the TAB key here>/var/adm/syslog/sshd.log

 

Once you verify / modify that.  Try stoppig and restarting syslog again and see what happens.

Please use plain text.
Advisor
Andy Benegas
Posts: 18
Registered: ‎10-05-1999
Message 3 of 4 (221 Views)

Re: Redirect ssh messages

Patrick,

 

Thank you for your reply. That resolved the issue. I am now seeing a ssh.log as well as a syslog.log. I will monitor the ssh.log to determine if the ssh messages appear.

 

Thanks Again,

Andy

Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,714
Registered: ‎06-21-2000
Message 4 of 4 (217 Views)

Re: Redirect ssh messages

[ Edited ]

Excellent news. 

 

The syslog.conf file is the ONLY file I know of with the TAB requirement between fields.  That is a very common problem.

 

To test the messages going to various log files  you can always use the logger command.

 

To test auth.info going to your sshd.log file you can do:

 

# logger -p auth.info "This is a auth.info test message"

 

To test regular messages:

 

# logger "This is a test message"

 

For more information

# man logger

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation