[syslog-ng]sshd2 logging needed
Brad Arlt
arlt@cpsc.ucalgary.ca
Mon, 9 Dec 2002 19:50:02 -0700
On Mon, Dec 09, 2002 at 08:43:50PM -0500, Ed Ravin wrote:
> Brad Arlt writes:
> > > I am having difficulty getting [syslog-ng] to pick up the
> > > entries from sshd2.
>
> Which reminds me - I'm using OpenSSHd on a bunch of machines,
> with the privilege separation feature enabled, and it turns out
> that some of the log messages disappear unless you add another
> log device (/var/run/log in *BSD) into the chroot used by OpenSSHd.
If you chroot this is expected. Programs do their logging via
/dev/log, and need the device node to do their thing.
-----------------------------------------------------------------------
__o Bradley Arlt Security Team Lead
_ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science