10-09-2013 12:27 PM
I am running HP-UX 11.31 and trying to redirect ssh messages from the syslog.log to sshlog.log. From a forum discussion I tried the following:
(1) Enable the following lines in /opt/ssh/etc/sshd_config:
(2) Stop sshd using the command /sbin/init.d/secsh stop
(3) Start sshd using the command /sbin/init.d/secsh start
(4) Add the following line to /etc/syslog.conf:
(5) Change this line in /etc/syslog.conf:
(6) Stop syslogd using the command /sbin/init.d/syslogd stop
(7) Start syslogd using the command /sbin/init.d/syslogd start
The ssh messages are no longer appearing in the syslog.log but I do not see the ssh.log. Are the steps I performed valid for HP-UX 11.31? Is there something wrong with the steps I performed?
Solved! Go to Solution.
10-09-2013 01:02 PM
Your steps sound good and are similar to one of the test systems I have access to.
The one caveat is your syslog.conf file. When you added the line for 'auth.info' did you hit the TAB key before specifying the file name? If not, that is your problem. The fields in syslog.conf **MUST** be separated by a TAB and nothing else.
Your line should be:
auth.info;mail.none<hit the TAB key here>/var/adm/syslog/sshd.log
Once you verify / modify that. Try stoppig and restarting syslog again and see what happens.
10-09-2013 01:15 PM
Thank you for your reply. That resolved the issue. I am now seeing a ssh.log as well as a syslog.log. I will monitor the ssh.log to determine if the ssh messages appear.
10-09-2013 01:24 PM - edited 10-09-2013 01:24 PM
The syslog.conf file is the ONLY file I know of with the TAB requirement between fields. That is a very common problem.
To test the messages going to various log files you can always use the logger command.
To test auth.info going to your sshd.log file you can do:
# logger -p auth.info "This is a auth.info test message"
To test regular messages:
# logger "This is a test message"
For more information
# man logger