Operating System - HP-UX
1828267 Members
3231 Online
109975 Solutions
New Discussion

Multiple /dev/log sockets with syslogd - for chroot environments

 
Simon Hargrave
Honored Contributor

Multiple /dev/log sockets with syslogd - for chroot environments

Hi, I'm using sftp in a chroot environment, and logging the transfers with the LogSftp yes option in sshd_config.

This logging works fine in normal sftp transfers, but doesn't when running sftp to a chroot user. In Linux this can be fixed by passing "-a /chroot/path/var/log" to syslogd to give it an extra socket to read from, however hpux only seems to have a -p switch to allow "an alternative" socket rather than multiple.

Is there any way to achieve this with hpux syslogd? I don't think running multiple syslogd's is the answer since we'll likely get duplicate messages from the kernel etc.

The syslog requirement is detailed here: -

http://sftplogging.sourceforge.net/download/README

But as said this works on Linux but not on HPUX from what I can see.
3 REPLIES 3
Peter Godron
Honored Contributor

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Simon,
from the ssh guide:
"In a chroot-ed environment, users do not see a subset of syslogmessages. HP-UX Secure Shell writes syslog messages at the time of authentication and when the session is terminated. The syslogddaemon reads the syslog messages written by all subsystems andreports it to the /dev/log file. In a chroot-ed environment, the sshddaemon writes its syslog messages to /dev/log. It is notpossible to link the /dev/log file to the /dev/log file,resulting in users not being able to view the subset of syslogmessages.Workaround: There is no workaround for this problem. Users of chroot-ed HP-UX Secure Shell environments must be aware that a subset of messages written by the sshd daemon will not show up in syslog."

So I read this that it is not possible.
Peter Godron
Honored Contributor

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Simon,
thanks for the points.

"4- 7: The answer helped with a portion of my question, but I still need some additional help!"

What part of the question do you need further help with ? Please keep the thread updated, so people can respond quickly.
Simon Hargrave
Honored Contributor

Re: Multiple /dev/log sockets with syslogd - for chroot environments

Hi

I didn't give a "The answer has solved my problem completely! Now I'm a happy camper!" because it's still technically possible for someone to come up with ideas or workarounds - the present answer is so defeatist :D Whilst that document says it's not possible, that document clearly applies to the HPUX syslogd since it is a restriction of that particular implementation of syslog that can only read from one /dev/log.

Someone for example may report that they have compiled and used GNU syslogd for example, or used some third-party tool or script that can read messages from /newroot/dev/log socket and replicate them into the real /dev/log.

Have some more points anyway :D