On Mon, Dec 09, 2002 at 05:22:50PM -0500, wolverine wrote:
Hello,
I have spent the last day hacking around with syslog-ng, and think it is great. I have just one problem that I have not found an answer to in searching Google. I am having difficulty getting it to pick up the entries from sshd2. I have sshd2 set up for SyslogFacility AUTH, and get authentication attempts logged in /var/log/secure using the standard logger, but cannot get them picked up by syslog-ng. I have tried some of the various filters that I have found, but still no information shows up. Anyone have this working?
syslog-ng version 1.4.17 Mandrake 8.1, 8.2, 9.0, SSH 3.2.2
At this point, just getting it to log local is fine, as I have been able to get logs to be sent using stunnel, but pretty much gutted the configs down to get this working.
Thanks go out to all for syslog-ng and for their support.
Linux likes to use the LOG_AUTHPRIV facility for everything, and call AUTH legacy and unsecure due to syslogd's habit of writing to messages which is readable by all. Whatever... *all* my logs are readable only by root. Users can darned well write to a log file. Filter for both AUTH and AUTHPRIV and you will be happy. If you have a BSD system that is causing you grief, it uses LOG_SECURE (not found under Linux). The syslog-ng server is easily hacked to know about the many oddities of "better" facilities.

-----------------------------------------------------------------------
  __o       Bradley Arlt                    Security Team Lead
 _ \<_      arlt@cpsc.ucalgary.ca           University Of Calgary
(_)/(_)     I should be biking right now.   Computer Science
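
The filter suggested in the reply above, written out as a syslog-ng 1.4-style configuration. This is an added example, not part of the original thread. The object names (s_local, f_auth, f_sshd, d_secure, d_byfac) and the /var/log/by-facility path are assumptions; /var/log/secure is the file named in the question.

```conf
# Added example, not from the thread. Object names and the
# /var/log/by-facility path are assumptions chosen for illustration.

source s_local {
    unix-stream("/dev/log");   # local syslog(3) socket on Linux
    internal();                # syslog-ng's own messages
};

# Accept either facility, so the entries are caught whether the daemon
# logs as AUTH (SyslogFacility AUTH) or as AUTHPRIV.
filter f_auth { facility(auth, authpriv); };

# Diagnostic filter: anything whose program name matches "sshd"
# (this also matches sshd2), regardless of facility.
filter f_sshd { program("sshd"); };

# Authentication log, readable by root only.
destination d_secure {
    file("/var/log/secure" perm(0600));
};

# One file per facility, named after the facility the message actually
# carried. Shows which facility sshd2 really uses if f_auth stays empty.
destination d_byfac {
    file("/var/log/by-facility/$FACILITY.log"
         create_dirs(yes) dir_perm(0700) perm(0600));
};

log { source(s_local); filter(f_auth); destination(d_secure); };
log { source(s_local); filter(f_sshd); destination(d_byfac); };
```

Messages written to /dev/log reach only the daemon currently holding that socket, so stop the stock syslogd before testing. Once the facility is confirmed, the second log statement and its destination can be removed.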