I have to admit that I was not familar with Kiwi syslog (I had to goggle it to find out what it was). But from what I see, in addition to being able to process SNMP trags, it should be able to handle direct forwarding of syslog data.
From what I gather from your post, you are intereted in ssh logging information. If I recall correctly most distributions default ssh to log to syslog for basic information. You can confirm this by looking at the /etc/ssh/sshd_config file, the 'LogLevel' is likely set to INFO
(for more info see:
http://www.csuglab.cornell.edu/cgi-b...ic=sshd_config)
Next take a look at your /etc/syslog.conf file, you can set up items of intrest to forward to remote syslog servers. One fairly readable discription of this process can be found at:
http://www.linuxsecurity.com/feature...story-123.html
Note: It only refers to nameing the server in your host file, then refering to it by name (after the @ symbol) in the syslog.conf file), but you can if you choose use the destination boxes IP address, although it is not as clean of a process should you have IP changes to make in the future.
If memory serves forwarding 'authpriv' should include information regarding loggin attempts.
