[syslog-ng]sshd2 logging needed
wolverine
wolverine@webworxmedia.com
Tue, 10 Dec 2002 08:43:58 -0500
That did the trick. I am attaching the sections below, and the output I
was looking for and recieved in case someone else needs it. I also took
a look at the "expanded syslog-ng.conf" file that came in last night.
_NICE_ . Thanks again for the assistance.
filter f_authlog { facility(auth,authpriv); };
destination d_sec { file("/var/log/$HOST/secure.log"); };
destination stunnel { tcp("localhost" port(5141)); };
log { source(s_sys); filter(f_authlog); destination(d_sec); destination(stunnel); };
# Output in logs local and remote
Dec 10 08:41:28 ss-rtcw sshd2[18968]: connection from "192.168.1.248"
Dec 10 08:41:30 ss-rtcw sshd2[27981]: Remote host disconnected: Authentication cancelled by user.
Dec 10 08:41:30 ss-rtcw sshd2[27981]: authentication cancelled by user: 'Authentication cancelled by user.'
Thanks again to everyone.