[OmniOS-discuss] sshd logging
Lauri Tirkkonen
lotheac at iki.fi
Thu Mar 31 13:34:40 UTC 2016
On Thu, Mar 31 2016 08:11:15 -0500, Schweiss, Chip wrote:
> In sshd_config I have:
>
> # Syslog facility and level
> SyslogFacility AUTH
> LogLevel VERBOSE
You tell it to log to the auth facility, but you also need to tell
syslog to put auth messages where you want them.
> *.err;kern.notice;auth.notice /dev/sysmsg
You ask that auth messages higher than 'notice' level go to the console.
A quick glance at my logs reveals most messages logged by sshd are at
the 'info' level (which is lower than notice).
> auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
According to syslog.conf(4), this means that if the current machine has
the same address as 'loghost' (which I think is an alias for localhost
in the default /etc/hosts), then put auth.notice and above to
/var/log/authlog, otherwise send them to the 'loghost' machine. But
again, your log level is 'notice'; try bumping it to 'info' (and make
sure that /var/log/authlog exists if that's where you want these logs).
--
Lauri Tirkkonen | lotheac @ IRCnet
More information about the OmniOS-discuss
mailing list