This section describes how to collect and view logs generated about the operations of SSH Tectia Server.
The Management Agent sysmonitor process collects system log events generated by an SSH Tectia Server and forwards them to the Management Server. The syslog facility used by SSH Tectia Server is defined in the server configuration. Log gathering is disabled by default.
The Management Server forwards all collected log information to the Management Server machine's system log.
Using these two capabilities, it is possible to route all system log entries related to an SSH Tectia Server to the Management Server, which in turn can then provide them to third-party applications through the Management Server machine's system log.
If SSH Tectia Server is installed on a host which is running Management Agent, log messages generated by SSH Tectia Server (in the Windows Event Log) are sent to the Management Server. The event log filter for SSH Tectia Server is defined in the SSH Tectia Server configuration. Log gathering is disabled by default.
See also Management Server Log Collection Process for a technical description of the log collection process.
Log collection is defined in the Management Agent configuration in Configurations → Edit Configurations → Management Agent.
Use the Enable agent SecSh log gathering setting to control whether the Management Agent collects the Secure Shell system logs on the monitored host and sends them to the Management Server. When enabled, the Management Agent polls the logs for changes at 60-second intervals.
Deploy the configuration in Configurations → Deploy configurations.
To disable log collection on a managed host:
Edit the line for the SecshMonitorLogPollInterval configuration option in the /etc/opt/ssh-mgmt/agent/agent-secsh.dat file and set its value to 0. This will prevent the sysmonitor from sending log events to the Management Server.
After modifying the /etc/opt/ssh-mgmt/agent/agent-secsh.dat file, restart the Management Agent.
Edit the /etc/syslog.conf file and remove the following lines:
    # SSH Tectia Manager (ssh-mgmt-agent) automatic syslog.conf entry \
    (DO NOT EDIT!)
    *.debug /var/run/ssh-mgmt-temp-log
Restart syslog. See the manual page for syslogd for instructions on how to do this. Typically this is done by sending the HUP signal to the syslogd process:
    kill -HUP <pid>
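The /etc/syslog.conf step above can be checked and applied with a small script instead of hand-editing; this is an added example, not part of the SSH Tectia documentation. The function names and the `.bak` backup are hypothetical, and the script assumes the marker comment may sit on one line or be wrapped onto a second `(DO NOT EDIT!)` line, with tabs or spaces between the selector and the path.

```shell
#!/bin/sh
# Added example (not from the SSH Tectia documentation); function names are hypothetical.
# The matched strings are taken from the automatic syslog.conf entry shown above.

AGENT_LOG=/var/run/ssh-mgmt-temp-log

# scan FILE MODE
#   MODE=strip  print FILE without the automatic entry, all other lines verbatim
#   MODE=check  print nothing; exit 0 only if the automatic entry is present
scan() {
    awk -v target="$AGENT_LOG" -v mode="$2" '
        # Marker comment. If "(DO NOT EDIT!)" is not on this line, the comment
        # was wrapped and its second half is expected on the next line.
        /^# SSH Tectia Manager \(ssh-mgmt-agent\) automatic syslog\.conf entry/ {
            found = 1
            wrapped = ($0 !~ /\(DO NOT EDIT!\)/)
            next
        }
        wrapped && /^[ \t]*#?[ \t]*\(DO NOT EDIT!\)[ \t]*$/ { wrapped = 0; next }
        { wrapped = 0 }
        # Any active (uncommented) selector whose action is the agent temp log.
        $0 !~ /^[ \t]*#/ && NF >= 2 && $NF == target { found = 1; next }
        mode == "strip" { print }
        END { if (mode == "check") exit(found ? 0 : 1) }
    ' "$1"
}

has_agent_entry()   { scan "$1" check; }
strip_agent_entry() { scan "$1" strip; }

# Rewrite FILE in place (keeping its owner and mode) only when the entry exists.
# A copy of the original is left beside it as FILE.bak.
clean_syslog_conf() {
    has_agent_entry "$1" || return 0
    cp -p "$1" "$1.bak" && strip_agent_entry "$1.bak" > "$1"
}

# Typical use on a managed host, followed by the syslog restart described above:
#   clean_syslog_conf /etc/syslog.conf
```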
Copying the log messages that Management Agents send to the Management Server can be disabled in the administration interface.
To disable the copying of log messages:
Click Settings → System settings on the menu.
On System settings, click the Edit button.
Clear the Enable copying sshd log messages from managed hosts to Management Server syslog check box, and click the Save button.
If logs are enabled, the Management Agent collects all Secure-Shell-related log data from the syslog files of the managed hosts and copies it to the Management Server. The Management Server stores this information into its database.
This collected log data can be viewed by administrators. The information includes:
Event time: This is the time when the log event actually took place on the host. This time is the local time of the host, not the time of the Management Server (GMT).
Receive time: This is the time when the Management Server received the log entry from the host. This time is the Management Server's time (GMT).
Host: The hostname
PID: The ID of the process that entered the log event into the syslog.
Process: A string describing the name of the process that entered the log event into the syslog. In this release this is sshd2 (for 4.x), or
Message: The free text part of the system log entry, contains a description of the event.
These log entries can be filtered by hostname, event time, and message content.
To view the SSH Tectia Server logs, click Logging → SSH Tectia Server logs on the menu. Enter the appropriate search criteria and change the time period if necessary. Click the Search button to start the search.
Logs of the matching hosts are displayed. See Figure 7.13 for an example.
Click Close to return to the log search page.
To view logs sent from a managed SSH Tectia Server host:
Click Hosts → View hosts on the menu.
Select an SSH Tectia Server host that is sending the logs (through View hosts or Search hosts).
Click the Secure Shell software tab, and click the Log data tab. The collected log is shown.
Click Close to return to the View hosts page, or click another tab to continue.