Your browser does not allow storing cookies. We recommend enabling them.

SSH

Configuring Logging in sshd2

sshd2 logs to the facility specified with the configuration option SysLogFacility. If the option is not set, sshd2 logs to the AUTH facility.

For example, if you want sshd2 to log to the LOCAL1 facility, you need to add the following setting to your server's configuration (/opt/tectia/etc/sshd2_config):

SysLogFacility      LOCAL1

The possible facilities are listed in Log Facilities for the SysLogFacility Option.

You also need to modify syslog's configuration, so it knows where to put the log messages.

In /etc/syslog.conf (or equivalent):

local1.info         /var/log/sshd2

On some systems, this file may need to exist before syslog will write to it, so you may need to create it:

# touch /var/log/sshd2

If syslog accesses files with a non-root UID, for example logger, you need to change the ownership of the file to that user.

Remember to restart both sshd2 and syslogd after making changes to their configuration files.

Log Facilities for the SysLogFacility Option

The following log facilities are available:

DAEMONLOCAL0LOCAL3LOCAL6
USERLOCAL1LOCAL4LOCAL7
AUTHLOCAL2LOCAL5


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more