Community
System Administration
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Re: how to filter sshd in syslog.log to other file

 
SOLVED
Go to solution
Miguel Rodriguez_3
Frequent Advisor

‎11-21-2003 01:38 AM

‎11-21-2003 01:38 AM

how to filter sshd in syslog.log to other file

I have a lot of messages like this in my /var/adm/syslog/syslog.log:

Nov 21 09:14:24 hostname sshd[13687]: Accepted password for oracle from 10.0.0.1 port 2831 ssh2
Nov 21 09:15:26 rubis sshd[14241]: Could not reverse map address 10.0.0.1.

How can I configure my /etc/syslog.conf in order to redirect these sshd messages to other file like /var/adm/syslog/sshd.log.

Right now I have configured ftpd and mail messages to other files.
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎11-21-2003 01:43 AM

‎11-21-2003 01:43 AM

Re: how to filter sshd in syslog.log to other file

Threads that may help"
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=150919

This doc for sure:
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90685/B2355-90685_top.html&con=/hpux/onlinedocs/B2355-90685/00/00/11-con.html&toc=/hpux/onlinedocs/B2355-90685/00/00/11-toc.html&searchterms=configuration%7csyslog.conf&queryid=20031121-074202

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎11-21-2003 01:44 AM

‎11-21-2003 01:44 AM

Re: how to filter sshd in syslog.log to other file

Hi

How about:-
Cat syslog.log | grep sshd > sshd.log


Pqaula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Brian Bergstrand
Honored Contributor

‎11-21-2003 01:49 AM

‎11-21-2003 01:49 AM

Solution

Re: how to filter sshd in syslog.log to other file

Change sshd's syslog facility in /etc/opt/ssh/sshd_config.

Then edit /etc/syslog.conf to log that facility to a different file.

eg:

local1.debug /var/adm/syslog/sshd.log

Make sure you add 'local1.none' to other rules or you still get sshd entries in the system log files.

Restart sshd and syslogd.

HTH.
Reply
Stefan Farrelly
Honored Contributor

‎11-21-2003 01:55 AM

‎11-21-2003 01:55 AM

Re: how to filter sshd in syslog.log to other file

Change these lines in /etc/opt/ssh/sshd_config

SyslogFacility AUTH
LogLevel INFO

Then restart sshd.

Then add this line to /etc/syslog.conf

auth.info;mail.none /var/adm/syslog/sshd.log

Then restart syslogd and youre done!
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.