Operating System - HP-UX

Re: Redirect ssh messages

Andy Benegas
Advisor

Redirect ssh messages

I am running HP-UX 11.31 and trying to redirect ssh messages from the syslog.log to sshlog.log. From a forum discussion I tried the following:

 

(1) Enable the following lines in /opt/ssh/etc/sshd_config:

SyslogFacility AUTH
LogLevel INFO

(2) Stop sshd using the command /sbin/init.d/secsh stop

(3) Start sshd using the command /sbin/init.d/secsh start

(4) Add the following line to /etc/syslog.conf:

auth.info;mail.none /var/adm/syslog/sshd.log

(5) Change this line in /etc/syslog.conf:
from:
*.info;mail.none /var/adm/syslog/syslog.log

to:
*.info;auth.none;mail.none /var/adm/syslog/syslog.log

(6) Stop syslogd using the command /sbin/init.d/syslogd stop

(7) Start syslogd using the command /sbin/init.d/syslogd start

 

The ssh messages are no longer appearing in the syslog.log but I do not see the ssh.log. Are the steps I performed valid for HP-UX 11.31? Is there something wrong with the steps I performed?

Patrick Wallek
Honored Contributor
Solution

Re: Redirect ssh messages

Your steps sound good and are similar to one of the test systems I have access to.

 

The one caveat is your syslog.conf file.  When you added the line for 'auth.info' did you hit the TAB key before specifying the file name?  If not, that is your problem.  The fields in syslog.conf **MUST** be separated by a TAB and nothing else.

 

Your line should be:

 

auth.info;mail.none<hit the TAB key here>/var/adm/syslog/sshd.log

 

Once you verify / modify that, try stopping and restarting syslog again and see what happens.

Andy Benegas
Advisor

Re: Redirect ssh messages

Patrick,

 

Thank you for your reply. That resolved the issue. I am now seeing a ssh.log as well as a syslog.log. I will monitor the ssh.log to determine if the ssh messages appear.

 

Thanks Again,

Andy

Patrick Wallek
Honored Contributor

Re: Redirect ssh messages

Excellent news. 

 

The syslog.conf file is the ONLY file I know of with the TAB requirement between fields.  That is a very common problem.

 

To test the messages going to various log files, you can always use the logger command.

 

To test auth.info going to your sshd.log file you can do:

 

# logger -p auth.info "This is a auth.info test message"

 

To test regular messages:

 

# logger "This is a test message"

 

For more information

# man logger
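
The TAB requirement described in the replies above can be checked before syslogd is restarted, so that a mistyped rule does not silently drop auth messages from every log. The following is an added example, not part of the original thread; the function name `check_syslog_conf` is hypothetical, and it assumes the rule stated above that the selector and action fields must be separated by TAB characters only.

```shell
#!/bin/sh
# Added example (not from the thread): flag syslog.conf rules whose
# selector and action fields are not separated by TAB characters only.
# check_syslog_conf is a hypothetical helper name.

check_syslog_conf() {
    # $1: path to a syslog.conf-style file
    # Prints one line per offending rule; returns 1 if any rule was flagged.
    awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }     # skip blank lines and comments
    {
        # The first run of whitespace is the selector/action separator.
        if (!match($0, /[ \t]+/)) {
            printf "line %d: no action field: %s\n", NR, $0
            bad++
            next
        }
        sep = substr($0, RSTART, RLENGTH)
        # Any space in the separator (alone or mixed with TABs) is flagged.
        if (index(sep, " ") > 0) {
            printf "line %d: separator contains a space, use TAB only: %s\n", NR, $0
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Stand-alone use: pass the file to check, e.g. /etc/syslog.conf
if [ $# -gt 0 ]; then
    check_syslog_conf "$1"
fi
```

A rule that passes this check can then be exercised with the `logger -p auth.info` test shown above to confirm the message lands in the intended file.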