Andy Benegas

Redirect ssh messages

I am running HP-UX 11.31 and trying to redirect ssh messages from the syslog.log to sshlog.log. From a forum discussion I tried the following:


(1) Enable the following lines in /opt/ssh/etc/sshd_config:

SyslogFacility AUTH
LogLevel INFO

(2) Stop sshd using the command /sbin/init.d/secsh stop

(3) Start sshd using the command /sbin/init.d/secsh start

(4) Add the following line to /etc/syslog.conf:;mail.none /var/adm/syslog/sshd.log

(5) Change this line in /etc/syslog.conf:
*.info;mail.none /var/adm/syslog/syslog.log

*.info;auth.none;mail.none /var/adm/syslog/syslog.log

(6) Stop syslogd using the command /sbin/init.d/syslogd stop

(7) Start syslogd using the command /sbin/init.d/syslogd start


The ssh messages are no longer appearing in the syslog.log but I do not see the ssh.log. Are the steps I performed valid for HP-UX 11.31? Is there something wrong with the steps I performed?

Patrick Wallek
Honored Contributor

Re: Redirect ssh messages

Your steps sound good and are similar to one of the test systems I have access to.


The one caveat is your syslog.conf file.  When you added the line for '' did you hit the TAB key before specifying the file name?  If not, that is your problem.  The fields in syslog.conf **MUST** be separated by a TAB and nothing else.


Your line should be:;mail.none<hit the TAB key here>/var/adm/syslog/sshd.log


Once you verify / modify that.  Try stoppig and restarting syslog again and see what happens.

Andy Benegas

Re: Redirect ssh messages



Thank you for your reply. That resolved the issue. I am now seeing a ssh.log as well as a syslog.log. I will monitor the ssh.log to determine if the ssh messages appear.


Thanks Again,


Patrick Wallek
Honored Contributor

Re: Redirect ssh messages

Excellent news. 


The syslog.conf file is the ONLY file I know of with the TAB requirement between fields.  That is a very common problem.


To test the messages going to various log files  you can always use the logger command.


To test going to your sshd.log file you can do:


# logger -p "This is a test message"


To test regular messages:


# logger "This is a test message"


For more information

# man logger