SFTP logging and /dev/log

Posted on 2010-01-12
Last Modified: 2013-12-16
hi
I'm having trouble working out how to get sftp that is chroot'ed (openssh 5.1) to log.
The man page talks about needing a /dev/log so I've created one in the chroot directory /home/user/dev/log and permissioned for them. (not sure about what perms it should be)

I've added -f LOCAL0 -l VERBOSE to the Subsystem sftp command in /etc/ssh/sshd_config and restarted sshd. LOCAL0 should log to /var/log/localmessages

/etc/sysconfig/syslog requires an additional socket so I've put in SYSLOGD_ADDITIONAL_SOCKET="/home/user/dev/log"
but no matter what I put in here and add to SOCKET where the man page says "NAME" eg.
SYSLOGD_ADDITIONAL_SOCKET1="/home/user/dev/log"
When I restart syslog /etc/init.d/syslog restart
I get a "addr=AF_UNIX.....Address Already in use (98)" error.

I've also seen material on adding to /etc/syslog-ng/syslog-ng.conf
Can someone help with the bit I'm obviously not quite understanding ? Thanks.
Question by:cmap
 
LVL 16

Expert Comment

by:medvedd
ID: 26293099
Can you show output of command

ls -l /home/user/dev/log
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 26298842
Open the /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog
Find the line that reads as follows:
SYSLOGD_OPTIONS="-m 0"
Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"

Also make sure that /users/dev/log exists.
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 26298855
sorry make sure that /users/dev/ exists. /users/dev/log should not exist, it also should not be a directory.
0

 
LVL 7

Expert Comment

by:martin_2110
ID: 26298879
To be clear /home/user/dev/log should not exist. /home/user/dev/ should exist. syslog will create /home/user/dev/log when you start it.
0
 

Author Comment

by:cmap
ID: 26302097
hi
permissions-
drwxr-xr-x 3 root root 4096 2010-01-12 14:58 dev
and as per posts I've left it empty. I thought it needed to be root writeable for syslog-ng to write to it.

I've added the post about syslog options -
SYSLOGD_PARAMS="-m 0 -a /public_ftp/PVG/dev/log"
(no options in file)
but I'm running syslog-ng
root      7555     1  0 10:26 ?        00:00:00 /sbin/syslog-ng

So nothing has changed. Any other ideas ? Thanks.
0
 
LVL 16

Expert Comment

by:medvedd
ID: 26303555
/home/user/dev/log should be created with mksock. As root:

mksock /home/user/dev/log



0
 

Author Comment

by:cmap
ID: 26303643
mksock not a valid command on suse.
I thought about that but /dev has permissions -
drwxr-xr-x 11 root root  4280 2010-01-13 10:48 dev

so not a special file.
Elaine
0
 
LVL 16

Expert Comment

by:medvedd
ID: 26303718
Put this into mksock.c file:

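#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
/* Create a UNIX-domain socket file at the path given as argv[1]. */
int main(int argc,char**argv)
{
  struct sockaddr_un addr;
  if (argc != 2 || strlen(argv[1]) >= sizeof(addr.sun_path))
    return 1;                      /* missing or over-long path */
  memset(&addr, 0, sizeof(addr));
  addr.sun_family=AF_UNIX;
  strcpy(addr.sun_path,argv[1]);   /* length checked above; path is not used as a format string */
  if (bind(socket(PF_UNIX,SOCK_STREAM,0),(struct sockaddr*)&addr,SUN_LEN(&addr)) < 0) {
    perror("bind");
    return 1;
  }
  return 0;
}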

compile it with "gcc mksock.c -o mksock"
0
 

Author Comment

by:cmap
ID: 26425744
hi
managed to work out myself.
/etc/sysconfig/syslog requires the additional line -
SYSLOG_NG_PARAMS="-a /public_ftp/PVG/dev/log"
/etc/syslog-ng/syslog-ng.conf requires -
source internal-sftp {
    internal();
    unix-dgram("/public_ftp/PVG/dev/log");
};
And further down -
destination localmessages {file("/var/log/local/messages");};
log {source(src); filter(f_local); destination(localmessages);};
log {source(internal-sftp); destination(localmessages);};
/etc/apparmor.d/sbin.syslog-ng add in -
/public_ftp/PVG/dev/log w,
Restart apparmor - /etc/init.d/boot.apparmor restart
Restart syslog-ng - /etc/init.d/syslog restart
0
 

Accepted Solution

by:
cmap earned 0 total points
ID: 26425751
This can close; I managed to sort it myself.
Elaine
0
