Solved

SFTP logging and /dev/log

Posted on 2010-01-12
Last Modified: 2013-12-16
Hi,
I'm having trouble working out how to get sftp that is chroot'ed (openssh 5.1) to log.
The man page talks about needing a /dev/log so I've created one in the chroot directory /home/user/dev/log and permissioned for them (not sure about what perms it should be).

I've added -f LOCAL0 -l VERBOSE to the Subsystem sftp command in /etc/ssh/sshd_config and restarted sshd. LOCAL0 should log to /var/log/localmessages

/etc/sysconfig/syslog requires an additional socket so I've put in SYSLOGD_ADDITIONAL_SOCKET="/home/user/dev/log"
but no matter what I put in here and add to SOCKET where the man page says "NAME" eg.
SYSLOGD_ADDITIONAL_SOCKET1="/home/user/dev/log"
When I restart syslog /etc/init.d/syslog restart
I get a "addr=AF_UNIX.....Address Already in use (98)" error.

I've also seen material on adding to /etc/syslog-ng/syslog-ng.conf
Can someone help with the bit I'm obviously not quite understanding? Thanks.
Question by:cmap
10 Comments
 
LVL 16

Expert Comment

by:medvedd
ID: 26293099
Can you show output of command

ls -l /home/user/dev/log
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 26298842
Open the /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog
Find the line that reads as follows:
SYSLOGD_OPTIONS="-m 0"
Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"

Also make sure that /users/dev/log exists.
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 26298855
Sorry, make sure that /users/dev/ exists. /users/dev/log should not exist; it also should not be a directory.
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 26298879
To be clear /home/user/dev/log should not exist. /home/user/dev/ should exist. syslog will create /home/user/dev/log when you start it.
0
 

Author Comment

by:cmap
ID: 26302097
Hi,
permissions -
drwxr-xr-x 3 root root 4096 2010-01-12 14:58 dev
and as per posts I've left it empty. I thought it needed to be root writeable for syslog-ng to write to it.

I've added the post about syslog options -
SYSLOGD_PARAMS="-m 0 -a /public_ftp/PVG/dev/log"
(no options in file)
but I'm running syslog-ng
root      7555     1  0 10:26 ?        00:00:00 /sbin/syslog-ng

So nothing has changed. Any other ideas? Thanks.
0
 
LVL 16

Expert Comment

by:medvedd
ID: 26303555
/home/user/dev/log should be created with mksock. As root:

mksock /home/user/dev/log



0
 

Author Comment

by:cmap
ID: 26303643
mksock is not a valid command on SUSE.
I thought about that but /dev has permissions -
drwxr-xr-x 11 root root  4280 2010-01-13 10:48 dev

so not a special file.
Elaine
0
 
LVL 16

Expert Comment

by:medvedd
ID: 26303718
Put this into mksock.c file:

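#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/* Create a Unix domain socket file at the path given as argv[1]. */
int main(int argc, char **argv)
{
  struct sockaddr_un addr;
  if (argc != 2 || strlen(argv[1]) >= sizeof(addr.sun_path)) {
    fprintf(stderr, "usage: %s <socket-path>\n", argv[0]);
    return 1;
  }
  memset(&addr, 0, sizeof(addr));
  addr.sun_family = AF_UNIX;
  strcpy(addr.sun_path, argv[1]);  /* length checked above; argv[1] is never used as a format string */
  int fd = socket(PF_UNIX, SOCK_STREAM, 0);
  if (fd < 0 || bind(fd, (struct sockaddr *)&addr, SUN_LEN(&addr)) < 0) { perror("mksock"); return 1; }
  return 0;
}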

compile it with "gcc mksock.c -o mksock"
0
 

Author Comment

by:cmap
ID: 26425744
Hi,
Managed to work it out myself.
/etc/sysconfig/syslog requires the additional line -
SYSLOG_NG_PARAMS="-a /public_ftp/PVG/dev/log"
/etc/syslog-ng/syslog-ng.conf requires -
source internal-sftp {
    internal();
    unix-dgram("/public_ftp/PVG/dev/log");
};
And further down -
destination localmessages {file("/var/log/local/messages");};
log {source(src); filter(f_local); destination(localmessages);};
log {source(internal-sftp); destination(localmessages);};
/etc/apparmor.d/sbin.syslog-ng add in -
/public_ftp/PVG/dev/log w,
Restart apparmor - /etc/init.d/boot.apparmor restart
Restart syslog-ng - /etc/init.d/syslog restart
0
 

Accepted Solution

by:
cmap earned 0 total points
ID: 26425751
This can close; I managed to sort it myself.
Elaine
0
