[syslog-ng] Solaris & Linux (RH6) Console and SSH Use Logging

wiskbroom at hotmail.com wiskbroom at hotmail.com
Mon Jun 8 20:24:56 CEST 2015 

Thank you Balazs

I've added this, which seems to be working now just fine:

#
# Syslog Client Config Addtitions/Changes
#
 
authpriv,auth.info;local2.info                   /var/log/userslog
authpriv,auth.notice                                    /var/log/userslog
authpriv,auth.error;local2.error             /var/log/userslog
 
authpriv,auth.*,user.notice     @@syslog-NG:514

Date: Tue, 19 May 2015 21:50:47 +0200
From: bazsi77 at gmail.com
To: syslog-ng at lists.balabit.hu
Subject: Re: [syslog-ng] Solaris & Linux (RH6) Console and SSH Use Logging

Generally you'll need a filter facility (auth) but you should check that first by sending the logs. 
On Apr 28, 2015 7:06 PM,  <wiskbroom at hotmail.com> wrote:



Greetings;

This is question is slightly OT, but I can't imagine a better place to ask; so please, no flames.

I would like to begin logging all attempts (succesful, failed, no password given, etc) to login to Sparc/Solaris machines, as well as RedHat 6 Linux boxes.  My clients are using stock syslog, but my server is running syslog-NG; my second goal is to redirect all login type logs to just one file for ALL of my Solaris & Linux servers.

Does anyone have a known good syslog config file for both Solaris, and Linux?

Also, a good syslog-NG entry to force just the console and ssh data into a separate file?

Thank you!

.vp
 		 	   		  

______________________________________________________________________________

Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng

FAQ: http://www.balabit.com/wiki/syslog-ng-faq






______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150608/57fe6fea/attachment.htm

More information about the syslog-ng mailing list