> I have set SSH up on my Windows XP Home Edition computer some time
> ago. I wanted to be able to log all incoming and outgoing SSH
> traffic / commands issued to the server to a file. Currently, SSH is
> logging to Windows and the log can be viewed from Windows Event Viewer.
> This is not what I want and I was hoping to sort of 're-direct' the
> data to a log file somewhere (like say the sshd.log file which isn't
> being used at the moment). I am unable to find a guide on it at all on
> this, nor did I find a solution that solved my problem in this group,
> and I hope someone can help me. Thanks in advance!

First install syslog-ng (or syslog which comes with inet-utils). Sshd
will start using /var/log/messages instead of the Windows event list.
Second, change sshd_config to use "SyslogFacility LOCAL5" or similar
instead of AUTH.
Last, configure syslog-ng.conf creating a filter for local5 and
directing the log to whatever file you want.
Untested, but it should work.
--
René Berber

René Berber <rbe...@mailandnews.com> wrote:
> On Sep 25, 9:06 pm, Skylive! wrote:
>
> > I have set SSH up on my Windows XP Home Edition computer some time
> > ago. I wanted to be able to log all incoming and outgoing SSH
> > traffic / commands issued to the server to a file. Currently, SSH is
> > logging to Windows and the log can be viewed from Windows Event Viewer.
> > This is not what I want and I was hoping to sort of 're-direct' the
> > data to a log file somewhere (like say the sshd.log file which isn't
> > being used at the moment). I am unable to find a guide on it at all on
> > this, nor did I find a solution that solved my problem in this group,
> > and I hope someone can help me. Thanks in advance!
>
> First install syslog-ng (or syslog which comes with inet-utils).
This means:
- Install syslog-ng with the Cygwin setup. It is in the group "Admin".
- Run the script /bin/syslog-ng-config
> Second, change sshd_config to use "SyslogFacility LOCAL5" or similar
> instead of AUTH.
Then, make syslog-ng start automatically at each system boot by issuing
the commands

    cygrunsrv -I syslog-ng -p /usr/sbin/syslog-ng
    cygrunsrv -S syslog-ng
> Last, configure syslog-ng.conf creating a filter for local5 and
> directing the log to whatever file you want.
I did not need this. Logging goes into /var/log/messages.
--
Wilfried Hennings
please reply in the newsgroup, the e-mail address is invalid
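
Added example, not written by either poster: one way the second and third steps discussed above (SyslogFacility LOCAL5 in sshd_config, then a local5 filter in syslog-ng.conf) could look if sshd messages should go to their own file instead of /var/log/messages. The source name s_local, the names f_sshd and d_sshd, and the path /var/log/sshd.log are assumptions.

```conf
# --- sshd_config (second step in the thread) ---
# SyslogFacility LOCAL5

# --- syslog-ng.conf (third step in the thread) ---
# "s_local" is a placeholder (assumption): use the name of the source that
# your existing syslog-ng.conf already defines for local application messages.

# Match only messages logged with facility local5, which sshd now uses.
filter f_sshd { facility(local5); };

# Write the matches to a dedicated file (path is an assumption);
# perm() keeps the file readable by its owner only.
destination d_sshd { file("/var/log/sshd.log" perm(0600)); };

# Place this log statement before the existing catch-all one: flags(final)
# ends processing for matched messages, so sshd lines are not written to
# /var/log/messages as well.
log { source(s_local); filter(f_sshd); destination(d_sshd); flags(final); };
```

Restart both sshd and syslog-ng after editing so that each re-reads its configuration.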