Re: intrusion via ssh

From: Michelle Konzack (linux4michelle_at_freenet.de)
Date: 03/31/05

Next message: Matt Zagrabelny: "Re: Debian way of integrating out of tree drivers"

Previous message: Ray: "Time"
In reply to: Angelina Carlton: "Re: intrusion via ssh"
Next in thread: Todd A. Jacobs: "Re: intrusion via ssh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 31 Mar 2005 23:49:37 +0200
To: debian-user@lists.debian.org

Salut Angelina,

Am 2005-03-31 13:08:27, schrieb Angelina Carlton:

> Hi Michelle,
> can you descibe to me how to make all sshd activity log
> to /var/log/sshd.log ? My woody server logs it auth.log
> which is fine I suppose but I woul much rather have sshd.log

Right...
I have create three (postgresql, spamd, sshd) seperate logentries...

> my sshd_config has:
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO

SyslogFacility LOCAL1

__( '/etc/syslog.conf' )______________________________________________
/
| local0.* -/var/log/postgresql.log
| local1.* -/var/log/sshd.log
| local4.* -/var/log/spamd.log
\______________________________________________________________________

/etc/init.d/sysklogd restart
/etc/init.d/ssh restart

> I would imagine that needs changing to something, but syslog would need to
> be changed also? and what about logrotate?

Create an entry for logrotate:

__( '/etc/logrotate.d/sshd' )___________________
/
| /var/log/sshd*.log {
| weekly
| missingok
| rotate 52
| compress
| delaycompress
| notifempty
| create 640 root adm
| sharedscripts
| postrotate
| /etc/init.d/ssh reload > /dev/null
| endscript
| }
\________________________________________________

> TIA

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

application/pgp-signature attachment: Digital signature

Next message: Matt Zagrabelny: "Re: Debian way of integrating out of tree drivers"

Previous message: Ray: "Time"
In reply to: Angelina Carlton: "Re: intrusion via ssh"
Next in thread: Todd A. Jacobs: "Re: intrusion via ssh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]