2

I have set up the syslog-ng daemon using Cygwin in Windows 7. What I want to do is to log all of the ssh failed passwords, etc. to /var/log/sshd.log. I tried to do this by adding the following line:

auth.* /var/log/sshd.log

to /etc/syslog.conf

However, all the ssh info gets logged to /var/log/messages and sshd.log is empty. I have been searching the net for a long time, but can't find a solution. Help would be much appreciated.

peterh
synthesis

2 Answers

4

That's the old sysklogd conf file syntax (and file path).

Syslog-ng looks (by default) at /etc/syslog-ng.conf

The manpage for that file is here: http://linux.die.net/man/5/syslog-ng.conf

A basic filter for ssh messages to go to a separate file would look like

destination ssh { file("/var/log/ssh.log"); };
filter f_ssh { program("sshd"); };
log { source(src); filter(f_ssh); destination(ssh); };

in /etc/syslog-ng.conf

Bandrami
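
The filter from the answer above, expanded into a fragment for /etc/syslog-ng.conf that also stops sshd messages from being copied into /var/log/messages. This is an added example, not part of the original answer; the source name s_local and the names f_sshd, f_auth and d_sshd are assumptions, so use the source name your own configuration declares.

```conf
# Added example. s_local is an assumed source name: replace it with the
# name used in the source { ... } statement of your own syslog-ng.conf.

# sysklogd syntax from the question. syslog-ng never reads /etc/syslog.conf,
# so this line has no effect:
#   auth.* /var/log/sshd.log

# Select by program name, as in the answer above.
filter f_sshd { program("sshd"); };

# Alternative selector: the facility match that "auth.*" expressed in
# sysklogd. Swap it into the log statement below to catch every
# auth/authpriv message rather than only those from sshd.
filter f_auth { facility(auth, authpriv); };

# Authentication logs can contain usernames and mistyped credentials,
# so restrict the file to its owner.
destination d_sshd { file("/var/log/sshd.log" perm(0600)); };

# Log statements are evaluated in the order they appear. flags(final)
# ends processing for messages that match here, so this statement must
# come before the one that writes to /var/log/messages.
log {
    source(s_local);
    filter(f_sshd);
    destination(d_sshd);
    flags(final);
};
```

Running `syslog-ng --syntax-only` checks the file for errors before the daemon is restarted.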
0

HERE are some more details setting up Syslog-ng.

not2qubit