- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- Re: syslog question
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-07-2010 12:52 PM
10-07-2010 12:52 PM
syslog question
I am running HP-UX 11.00, and I reconfigured the /etc/syslog.conf file to copy its contents to a central log server by adding several lines to the existing file. The syntax that I used is shown below:
# Copy the contents of the syslog file to the syslog server.
*.info;mail.none @
*.alert @
*.emerg @
mail.debug @
After I made the changes to the syslog.conf file, I stopped and restarted the service via the /sbin/init.d/syslogd script.
Since that time, there have not been any updates to the /var/adm/syslog/syslog.log file. I am not sure if the fault is with the syntax that I used in the file, or not properly restarting the service.
Can someone provide information on this issue? Thanks.
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-07-2010 01:00 PM
10-07-2010 01:00 PM
Re: syslog question
*.info;mail.none
...
...
...
If you just hit the space bar for white space, then it won't work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-07-2010 02:17 PM
10-07-2010 02:17 PM
Re: syslog question
Thanks for your reply. I re-entered the lines in question, and restarted the syslog daemon. When I logged in, and then changed to root user, there was a new entry added to the syslog.log file.
As a follow-up question: If I want to have all instances of ssh connections made to the system in question recorded to syslog.log, what syntax would I add to the configuration file? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-07-2010 06:32 PM
10-07-2010 06:32 PM
Re: syslog question
man sudoers
Also, man sshd shows the -q option to silence all sshd syslog entries.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-07-2010 07:08 PM
10-07-2010 07:08 PM
Re: syslog question
'sudoers'???? I think Bill probably meant on of the 'ssh man pages. You should probably investigate the 'sshd' man page as well as the sshd_config and ssh_config man pages.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-08-2010 11:48 AM
10-08-2010 11:48 AM
Re: syslog question
Yep. The sudoers man page covers a number of sshd logging options such as:
log_host
log_year
loglinelen
syslog_goodpri
syslog_badpri
logfile
syslog
These are set in the Defaults section of the sudoers file.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-08-2010 01:58 PM
10-08-2010 01:58 PM
Re: syslog question
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
Do I need to add an entry that will generate a log file? If so, what would be the correct syntax?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-08-2010 02:10 PM
10-08-2010 02:10 PM
Re: syslog question
LogLevel INFO
and then restart the sshd daemon. That should generate entries into the syslog.log file.
Correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-08-2010 03:05 PM
10-08-2010 03:05 PM
Re: syslog question
Of course sshd_config is the location to control ssh logging. You can control the level (priority) of the logged messages as well as sftp transfers. The -q (if sshd is started with that option) turns off syslog from sshd.
To generate a separate file for sshd entries, there are the SyslogFacility and SftpLogFacility. Change the default (AUTH) to something like LOCAL6 and then modify the syslog.conf file to generate a new log called local6.log for sshd.
Bill Hassell, sysadmin
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP