Date: Thu, 24 May 2001 16:04:23 -0400
From: Christopher Linn <celinn@mtu.edu>
To: Marc.Jacquard@firstdatacorp.com
Cc: ssh@clinet.fi
Subject: Re: logging error messages in SSH

look in your sshd_config file and examine the lines:

	SyslogFacility
	LogLevel

these variables control where the logging info from sshd goes.  in the
default sshd_config from openssh, they are set like so:

	SyslogFacility AUTH
	LogLevel INFO

now, look in your /etc/syslog.conf file to see where auth.info (or
whatever SyslogFacility/LogLevel combination you have chosen in
sshd_config) messages are going to.  Typically in Solaris you would
find a line for auth.notice .  since sshd logs at the info level (one
level lower than "notice") these messages would not get logged to
/var/log/authlog.

it is handy to examine syslog.conf(4) while you are doing this.
remember to never use any blanks in a syslog.conf line, due to m4(1)
processing by syslogd(1M).  if you really want these messages to go to
/var/adm/messages instead of /var/log/authlog, you would do something
like this in /etc/syslog.conf:

auth.info				/var/adm/messages
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	 these are TABS!

don't forget to HUP syslogd after changing syslog.conf so the changes
take effect, and if you change info in sshd_config while sshd is
running, you'll have to HUP that too.

hope this helps!

chris

On Thu, May 24, 2001 at 01:33:57PM -0500, owner-ssh@clinet.fi wrote:
> I have been testing the OpenSSH_2.9p1 on Solaris 8 and have been unable to
> get it to log to /var/log/syslog or  /var/adm/messages.
> Has anyone else had this issue?  Does anyone know how to fix this?  It only
> seems to write to the lastlog.
> 
> Best regards,
> 
> Marc Jacquard

-- 
Christopher Linn, <celinn@mtu.edu>    | By no means shall either the CEC
Staff System Administrator            | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.
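
Added example (not part of the original message or of OpenSSH): a Python check that applies the matching rule described in the reply above, reporting which syslog.conf actions receive sshd's messages and which lines have no TAB before the action. The function names, the LogLevel-to-syslog mapping and the sample configuration text are assumptions constructed for illustration.

```python
# syslog severities, most severe first. A selector "facility.level" matches
# messages logged at that level or at any more severe one.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Assumption: least severe syslog level sshd emits for each LogLevel setting
# (QUIET is not handled here).
SSHD_TO_SYSLOG = {"FATAL": "crit", "ERROR": "err", "INFO": "info",
                  "VERBOSE": "info", "DEBUG": "debug"}

def sshd_logging(sshd_config):
    """Return (facility, syslog level) from sshd_config text; defaults AUTH/INFO."""
    opts = {"syslogfacility": "AUTH", "loglevel": "INFO"}
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() in opts:
            opts[parts[0].lower()] = parts[1]
    level = SSHD_TO_SYSLOG[opts["loglevel"].upper().rstrip("123")]
    return opts["syslogfacility"].lower(), level

def destinations(syslog_conf, facility, level):
    """Return (actions that receive facility.level, line numbers with no TAB)."""
    hits, untabbed = [], []
    for n, line in enumerate(syslog_conf.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "\t" not in line:
            untabbed.append(n)  # selector and action separated by blanks only
            continue
        selectors, action = line.split("\t", 1)
        matched = False
        for sel in selectors.split(";"):
            facs, _, lvl = sel.strip().partition(".")
            if facs != "*" and facility not in facs.split(","):
                continue
            if lvl == "none":
                matched = False  # explicit exclusion of this facility
            elif lvl in LEVELS:
                matched = matched or LEVELS.index(level) <= LEVELS.index(lvl)
        if matched:
            hits.append(action.strip())
    return hits, untabbed

# Constructed sample input: paths taken from the message, line 3 uses blanks.
SSHD = "SyslogFacility AUTH\nLogLevel INFO\n"
SYSLOG = ("auth.notice\t\t\t/var/log/authlog\n"
          "auth.info\t\t\t\t/var/adm/messages\n"
          "auth.info    /var/log/spaces\n")

if __name__ == "__main__":
    fac, lvl = sshd_logging(SSHD)
    print(fac, lvl, destinations(SYSLOG, fac, lvl))
```

With the sample input, only the auth.info line receives sshd's info-level messages; the auth.notice line is skipped, and line 3 is reported because it has no TAB.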
