topic Re: Multiple /dev/log sockets with syslogd - for chroot environments in Operating System - HP-UX

Multiple /dev/log sockets with syslogd - for chroot environments

Simon Hargrave — Tue, 19 Dec 2006 07:26:52 GMT

Hi, I'm using sftp in a chroot environment, and logging the transfers with the LogSftp yes option in sshd_config.

This logging works fine in normal sftp transfers, but doesn't when running sftp to a chroot user. In Linux this can be fixed by passing "-a /chroot/path/var/log" to syslogd to give it an extra socket to read from, however hpux only seems to have a -p switch to allow "an alternative" socket rather than multiple.

Is there any way to achieve this with hpux syslogd? I don't think running multiple syslogd's is the answer since we'll likely get duplicate messages from the kernel etc.

The syslog requirement is detailed here: -

http://sftplogging.sourceforge.net/download/README

But as said this works on Linux but not on HPUX from what I can see.

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Peter Godron — Tue, 19 Dec 2006 07:54:17 GMT

Simon,
from the ssh guide:
"In a chroot-ed environment, users do not see a subset of syslogmessages. HP-UX Secure Shell writes syslog messages at the time of authentication and when the session is terminated. The syslogddaemon reads the syslog messages written by all subsystems andreports it to the /dev/log file. In a chroot-ed environment, the sshddaemon writes its syslog messages to /dev/log. It is notpossible to link the /dev/log file to the /dev/log file,resulting in users not being able to view the subset of syslogmessages.Workaround: There is no workaround for this problem. Users of chroot-ed HP-UX Secure Shell environments must be aware that a subset of messages written by the sshd daemon will not show up in syslog."

So I read this that it is not possible.

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Peter Godron — Wed, 20 Dec 2006 05:09:26 GMT

Simon,
thanks for the points.

"4- 7: The answer helped with a portion of my question, but I still need some additional help!"

What part of the question do you need further help with ? Please keep the thread updated, so people can respond quickly.

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Simon Hargrave — Thu, 21 Dec 2006 06:31:21 GMT

Hi

I didn't give a "The answer has solved my problem completely! Now I'm a happy camper!" because it's still technically possible for someone to come up with ideas or workarounds - the present answer is so defeatist :D Whilst that document says it's not possible, that document clearly applies to the HPUX syslogd since it is a restriction of that particular implementation of syslog that can only read from one /dev/log.

Someone for example may report that they have compiled and used GNU syslogd for example, or used some third-party tool or script that can read messages from /newroot/dev/log socket and replicate them into the real /dev/log.

Have some more points anyway :D