LinuxQuestions.org
Old 11-14-2010, 09:43 AM   #1
takayama
Member
 
Registered: Sep 2009
Posts: 97

Rep: Reputation: 0
Problem with logging ssh with syslog-ng


I'm trying to get syslog-ng to log ssh stuff to its own file (later I want it to be forwarded to another server, but that's a later problem).
The thing is that if I restart my syslog-ng server and log in with ssh, it logs it, but when I log in again it doesn't. But if I restart the syslog-ng daemon again it logs again, but only once.

Here is my config.

Code:
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (yes);
        use_fqdn (no);
        create_dirs (yes);
        keep_hostname (yes);

};

source s_sys {
        file ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
        # udp(ip(0.0.0.0) port(514));

};


destination d_sshd { file("/var/log/sshd/sshd.log"); };
filter f_sshd       { facility(AUTHPRIV); };
log { source(s_sys); filter(f_sshd); destination(d_sshd); };



destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };

#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
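
Added example, not part of the original post: a probe that sends numbered authpriv messages through /dev/log and reports which ones never reached the d_sshd file, to separate a routing problem from a source problem. It assumes the `logger` utility is installed; the function names, the marker format and the sshd-probe tag are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Assumes `logger` is available and
# that d_sshd writes to the path given in the posted config.
LOGFILE="${LOGFILE:-/var/log/sshd/sshd.log}"

# Print how many lines of file $1 contain the fixed string $2
# (0 when the file is missing or unreadable).
count_marker() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF -- "$2" "$1" || true
}

# Print the sequence numbers 1..$3 whose probe line "<marker> seq=N end"
# is absent from file $1, space separated (empty output = nothing lost).
missing_seqs() {
    ms_i=1
    ms_out=""
    while [ "$ms_i" -le "$3" ]; do
        grep -qF -- "$2 seq=$ms_i end" "$1" 2>/dev/null || ms_out="$ms_out $ms_i"
        ms_i=$((ms_i + 1))
    done
    echo "${ms_out# }"
}

# Send $1 probes on facility authpriv (the facility f_sshd matches), one per
# second, then report delivered count and the missing sequence numbers.
probe_authpriv() {
    pa_n="$1"
    pa_marker="lq-probe-$$-$(date +%s)"   # unique per run
    pa_i=1
    while [ "$pa_i" -le "$pa_n" ]; do
        logger -p authpriv.info -t sshd-probe "$pa_marker seq=$pa_i end"
        sleep 1
        pa_i=$((pa_i + 1))
    done
    echo "delivered: $(count_marker "$LOGFILE" "$pa_marker") of $pa_n"
    echo "missing:   $(missing_seqs "$LOGFILE" "$pa_marker" "$pa_n")"
}

# Usage (as root, right after restarting syslog-ng):
#   probe_authpriv 5
```

If every probe arrives while repeated ssh logins still go unlogged, the filter and destination are working and the loss is on the path between sshd and the source.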
 
Old 11-26-2010, 05:04 PM   #2
Pearlseattle
Senior Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 1,001

Rep: Reputation: 142
Hi!

I have no such problem (I can login & out 100 times in a row as root or branch (gh....sorry...) and each time I get logged) and here is my "/etc/syslog-ng/syslog-ng.conf" (all the stuff gets logged to "/var/log/messages"):
Code:
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options { 
        chain_hostnames(no); 

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200); 
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
Looks very different from yours and to be honest I never had to change it nor have to understand its meaning.

Have fun!
 