Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: senti on March 09, 2009, 03:46:31 PM
-
I couldn't find the answer on forums, so I've decided to post a topic.
Basically, /var/log/secure file is empty, even after numerous invalid attempts to login through sshd. Why are authpriv.* message not logged?
This seems to be the case on all SME installations I maintain, while I have no such problems with CentOS 4.x or 5.x.
Thanks.
-
hi
first of all: if you think that something is not working properly, file a bug and report here the reference for other readers.
anyway, as SME is CentOS based, you can always re-create the same setup for syslogd creating the proper template fragments in the right folder (in this case /etc/e-smith/templates-custom/etc/syslog.conf IIRC)
if you don't know what a template is, I suggest you to read the dev manual.. :-)
Ciao
Stefano
-
hi
first of all: if you think that something is not working properly, file a bug and report here the reference for other readers.
anyway, as SME is CentOS based, you can always re-create the same setup for syslogd creating the proper template fragments in the right folder (in this case /etc/e-smith/templates-custom/etc/syslog.conf IIRC)
if you don't know what a template is, I suggest you to read the dev manual.. :-)
Ciao
Stefano
I've created a template to send syslog message to remote server, but it has nothing to do with this issue.
CentOS syslog.conf entry has:
authpriv.* /var/log/secure
SME syslog.conf entry has:
authpriv.* /var/log/secure
This is not something I can solve with templates, entries are the same already. So issue is not in syslog (proftpd errors will get logged in /var/log/secure, for example).
Because I haven't seen this mentioned in bugzilla, nor as an issue on forums, I wanted to check if I am doing something wrong before calling it a 'bug'.
-
don't waste your time to think if is it a bug or not.. file a bug in bugzilla
thank you
Stefano
-
Basically, /var/log/secure file is empty, even after numerous invalid attempts to login through sshd. Why are authpriv.* message not logged?
authpriv.* messages are being logged. sshd isn't logging there. It's logging in /var/log/sshd/current.
-
authpriv.* messages are being logged. sshd isn't logging there. It's logging in /var/log/sshd/current.
Oh, I see. Thanks, no idea how I missed that directory (not used to SME just yet :)).
How could I, then, make sshd log these events (from '/var/log/sshd/current') to syslog? I have checked template for sshd_config (as well as /etc/sshd_config), but doesn't seem like I can change that behaviour there - changing SyslogFacility only changes where existing messages, that I get to /var/log/messages, are sent.
Thanks.
-
senti:
please explain your problem/need, not the solution :-)
what do you want to achieve?
ciao
Stefano
-
senti:
please explain your problem/need, not the solution :-)
what do you want to achieve?
ciao
Stefano
I need contents of /var/log/sshd/current to be logged via syslog, so I can send syslog messages to another host (by using "*.* ip.of.syslog.server" in /etc/syslog.conf), over the network and analyze them on other host.