[syslog-ng] Syslog-NG Openssh RHEL 4
Christopher Bland
chris at fdu.edu
Tue Jan 6 14:41:27 CET 2009
Hi guys,
Having a bit of trouble logging sshd messages to my host. Sshd logs
fine using syslog but I get nothing using Syslog-NG. I tried changing
the SyslogFacility to DAEMON in sshd_config and still nothing. I have
the following lines in my config which should have caught something:
options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source s_local {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-dgram("/dev/log");
# unix-stream("/dev/log");
udp(ip(0.0.0.0) port(514));
tcp(ip(0.0.0.0) port(514));
internal();
};
destination secure { file("/var/log/secure"); };
destination messages { file("/var/log/messages"); };
filter f_daemon { facility(daemon); };
filter f_authpriv { facility(auth, authpriv); };
log { source(s_local); filter(f_authpriv); destination(secure); };
log { source(s_local); filter(f_daemon); destination(messages); };
log { source(s_local); destination(loghost); };
My sshd config looks like this:
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
Subsystem sftp /usr/libexec/openssh/sftp-server
Any help is apprciated
-Chris
More information about the syslog-ng
mailing list