Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
sshd logging [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
radonx86
n00b
n00b


Joined: 23 Nov 2006
Posts: 9

PostPosted: Sun Apr 15, 2007 4:15 am    Post subject: sshd logging [solved] Reply with quote

i used to have a script that sent me data from my ssh logs so i could keep an eye on it in case of any strange activity. It got the log data from /var/log/sshd. I recently installed gentoo on a new system and the /var/log/sshd directory doesn't exist. i've used locate, etc. to try to find some log files, but I am not having any luck. I also checked /etc/sshd/sshd_config and verified that logging level is set to default, but i don't see anything about where the log files are located. am i retarded? where are my log files? please help.

thanks.
_________________
~radonx86~

"Good leaders being scarce, following yourself is allowed."


Last edited by radonx86 on Wed Apr 18, 2007 6:16 am; edited 1 time in total
Back to top
View user's profile Send private message
mudrii
l33t
l33t


Joined: 26 Jun 2003
Posts: 789
Location: Singapore

PostPosted: Sun Apr 15, 2007 5:31 am    Post subject: Reply with quote

all ssh activities are logged in /var/log/messages

depends what log manager you using you could configure to log all ssh in different file.
_________________
www.gentoo.ro
Back to top
View user's profile Send private message
RaceTM
Apprentice
Apprentice


Joined: 16 Feb 2004
Posts: 281

PostPosted: Sun Apr 15, 2007 5:34 am    Post subject: Reply with quote

I use metalog for my system log, and the config file is /etc/metalog.conf (I thnk). in there you can set the default log file location for sshd. If you use another system log program, you just need to find its config file and do the same.

Hope this helps
Back to top
View user's profile Send private message
Suicidal
l33t
l33t


Joined: 30 Jul 2003
Posts: 952
Location: /dev/null

PostPosted: Sun Apr 15, 2007 9:02 am    Post subject: Reply with quote

For syslog-ng it would be:

/etc/syslog-ng.conf (snippet):
destination sshd { file("/var/log/sshd.log"perm(0640)group(logaudit)); };
filter f_sshd {match("^sshd.*"); };
#sshd
log { source(src); filter(f_sshd); destination(sshd); };


logaudit is a custom group might want to change it to your own or adm for viewing log files as non root.
Back to top
View user's profile Send private message
radonx86
n00b
n00b


Joined: 23 Nov 2006
Posts: 9

PostPosted: Mon Apr 16, 2007 7:32 pm    Post subject: Reply with quote

worked like a charm. thanks.
_________________
~radonx86~

"Good leaders being scarce, following yourself is allowed."
Back to top
View user's profile Send private message
GNUtoo
Veteran
Veteran


Joined: 05 May 2005
Posts: 1919

PostPosted: Mon Apr 16, 2007 8:51 pm    Post subject: Reply with quote

please add [solved] to your post
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum