HPE Community
Operating System - HP-UX
1833923 Members
3425 Online
110063 Solutions
New Discussion

Re: sshd2_config file

 
Chris Tzafaroglou
Occasional Advisor

‎09-05-2007 05:54 AM

‎09-05-2007 05:54 AM

sshd2_config file

What does setting the syslogfacility to LOCAL7 or AUTH (def) actually do? Does it direct the log files to be put somewhere else? What's the difference between LOCAL1 as opposed to LOCAL7
Any info, greatly appreciated.
0 Kudos
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎09-05-2007 06:00 AM

‎09-05-2007 06:00 AM

Re: sshd2_config file

Shalom,

http://www.ssh.com/support/documentation/online/ssh/adminguide-zos/54/Default_sshd2_config_Configuration_File.html

http://h30097.www3.hp.com/docs/ssh/DOCS/HTML/MAN/MAN4/0002____.HTM

http://www.astro.caltech.edu/cgi-bin/man.cgi?section=5&topic=sshd2_config

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Doug O'Leary
Honored Contributor

‎09-05-2007 06:01 AM

‎09-05-2007 06:01 AM

Re: sshd2_config file

Hey;

Those are different facilities: auth typically refers to authentication where as local[1-7] can be used for (appropriately enough) local/unspecified logging requirements.

You can then send the syslogs where ever you'd like via the /etc/syslog.conf

man syslog
man syslogd

should give you the more detailed information that you man need.

You could also check out http://www.olearycomputers.com/ll/syslog_config.html for more (if perhaps somewhat dated) information on configuring syslog.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Chris Tzafaroglou
Occasional Advisor

‎09-05-2007 06:54 AM

‎09-05-2007 06:54 AM

Re: sshd2_config file

Thanks for the good info. Now to the actual problem, I have local7 ssh logging pointing to /var/adm/syslog/sshd.log, but it's not logging users sessions, the syslog.log has them. I have it setup to record in both logs, but its not writing to the sshd.log file. This started happpening after we upgraded to the latest and greatest version of ssh.com Tectia
0 Kudos
Bill Hassell
Honored Contributor

‎09-05-2007 08:20 AM

‎09-05-2007 08:20 AM

Re: sshd2_config file

syslog.conf is a little tricky to understand. First, NEVER use spaces in the file between facility/priority and the destination. Any line with spaces will be silently ignored.

Second, each line is processed for every message. If you want all messages for a specific facility and priority to *only* go to one file, you must exclude (using .none) the messages from other logfiles. LOCAL0 through LOCAL7 are loosely defined as local services but several HP-UX services also use a LOCALx facility.

Here is a sample syslog.conf where all mail messages are logged to mail.log, local5 messages to an ftpd log, authentication to auth.log and daemon messages to daemon.log. Note how mail, ftpd, mail and daemon messages are excluded from syslog.log:

mail.debug /var/adm/syslog/mail.log
*.info;mail.none;local5.none;auth.none;daemon.notice /var/adm/syslog/syslog.log
local5.info /var/adm/syslog/ftpd.log
auth.info /var/adm/syslog/auth.log
daemon.info /var/adm/syslog/daemon.log
*.warning @pdrbk
*.err /var/adm/syslog/syslog-err.log
*.alert /dev/console
*.alert root
*.emerg *

Attached is a syslog decoder which takes syslogd messages and decodes the facility/priority value. That way, you can see exactly how each message was logged. NOTE: you must restart syslogd with the -v option (put into /etc/rc.config.d also).


Bill Hassell, sysadmin
0 Kudos
Chris Tzafaroglou
Occasional Advisor

‎09-05-2007 08:46 AM

‎09-05-2007 08:46 AM

Re: sshd2_config file

Thanks, Bill
Tremendous help. I double checked the syslog.conf and the ssh config file and it was correct .The daemon is currently logging, it turns out that I was inpatient and didn't wait long enough for sessions to be logged. I just checked and she's logging. Thank you, very much.

Regards,

Chris
0 Kudos
Chris Tzafaroglou
Occasional Advisor

‎09-05-2007 09:38 AM

‎09-05-2007 09:38 AM

Re: sshd2_config file

Bill H, provided the information to enable the fix
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.