cmap

SFTP logging and /dev/log

hi
I'm having trouble working out how to get sftp that is chroot'ed (openssh 5.1) to log.
The man page talks about needing a /dev/log so I've created one in the chroot directory /home/user/dev/log and permissioned for them. (not sure about what perms it should be)

I've added -f LOCAL0 -l VERBOSE to the Subsystem sftp command in /etc/ssh/sshd_config and restarted sshd. LOCAL0 should log to /var/log/localmessages

/etc/sysconfig/syslog requires an additional socket so I've put in SYSLOGD_ADDITIONAL_SOCKET="/home/user/dev/log"
but no matter what I put in here and add to SOCKET where the man page says "NAME" eg.
SYSLOGD_ADDITIONAL_SOCKET1="/home/user/dev/log"
When I restart syslog /etc/init.d/syslog restart
I get a "addr=AF_UNIX.....Address Already in use (98)" error.

I've also seen material on adding to /etc/syslog-ng/syslog-ng.conf
Can someone help with the bit I'm obviously not quite understanding ? Thanks.
medvedd

Can you show output of command

ls -l /home/user/dev/log
Open /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog
Find line that read as follows:
SYSLOGD_OPTIONS="-m 0"
Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"


Also make sure that /users/dev/log exists.
Sorry, make sure that /users/dev/ exists. /users/dev/log should not exist, it also should not be a directory.
To be clear /home/user/dev/log should not exist. /home/user/dev/ should exist. syslog will create /home/user/dev/log when you start it.
cmap (ASKER)

hi
permissions-
drwxr-xr-x 3 root root 4096 2010-01-12 14:58 dev
and as per posts I've left it empty. I thought it needed to be root writeable for syslog-ng to write to it.

I've added the post about syslog options -
SYSLOGD_PARAMS="-m 0 -a /public_ftp/PVG/dev/log"
(no options in file)
but I'm running syslog-ng
root      7555     1  0 10:26 ?        00:00:00 /sbin/syslog-ng

So nothing has changed. Any other ideas ? Thanks.
/home/user/dev/log should be created with mksock. As root:

mksock /home/user/dev/log



cmap (ASKER)

mksock not a valid command on suse.
I thought about that but /dev has permissions -
drwxr-xr-x 11 root root  4280 2010-01-13 10:48 dev

so not a special file.
Elaine
Put this into mksock.c file:

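#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
int main(int argc,char**argv)
{
  struct sockaddr_un addr;
  /* need exactly one path, and it must fit in sun_path */
  if (argc != 2 || strlen(argv[1]) >= sizeof(addr.sun_path))
    return 1;
  memset(&addr, 0, sizeof(addr));
  addr.sun_family=AF_UNIX;
  /* copy the path as data, never use it as a format string */
  strcpy(addr.sun_path, argv[1]);
  /* bind() creates the socket file at that path */
  if (bind(socket(PF_UNIX,SOCK_STREAM,0),(struct sockaddr *)&addr,SUN_LEN(&addr)) != 0)
    { perror("bind"); return 1; }
  return 0;
}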

compile it with "gcc mksock.c -o mksock"
cmap (ASKER)

hi
managed to work out myself.
/etc/sysconfig/syslog requires the additional line -
SYSLOG_NG_PARAMS="-a /public_ftp/PVG/dev/log"
/etc/syslog-ng/syslog-ng.conf requires -
source internal-sftp {
internal();
unix-dgram("/public_ftp/PVG/dev/log");
};
And further down -
destination localmessages {file("/var/log/local/messages");};
log {source(src); filter(f_local); destination(localmessages);};
log {source(internal-sftp); destination(localmessages);};
/etc/apparmor.d/sbin.syslog-ng add in -
/public_ftp/PVG/dev/log w,
Restart apparmor - /etc/init.d/boot.apparmor restart
Restart syslog-ng - /etc/init.d/syslog restart
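
A way to check the result of the steps above, as an added example that is not part of the original thread: this C program tells apart the states discussed here (no dev/log at all, a path that is not a socket, a socket file with nothing listening on it, and a socket a daemon is reading from) by sending one local0.info datagram to it. The function name probe_devlog is hypothetical, the default path is the one from the post, and the ECONNREFUSED behaviour for an unbound socket file is assumed to be Linux's.

```c
/* Added example (not from the thread): probe a chroot's dev/log socket. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum probe { PROBE_OK, PROBE_MISSING, PROBE_NOT_SOCKET, PROBE_NO_LISTENER, PROBE_ERROR };

/* Hypothetical helper: send one syslog datagram to `path`.
 * Priority 134 = facility local0 (16) * 8 + severity info (6). */
enum probe probe_devlog(const char *path)
{
    static const char msg[] = "<134>devlog-probe: test message";
    struct sockaddr_un addr;
    struct stat st;
    enum probe result = PROBE_OK;
    int fd;

    if (strlen(path) >= sizeof(addr.sun_path))
        return PROBE_ERROR;
    if (stat(path, &st) != 0)
        return errno == ENOENT ? PROBE_MISSING : PROBE_ERROR;
    if (!S_ISSOCK(st.st_mode))
        return PROBE_NOT_SOCKET;          /* regular file or directory */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);  /* same type as unix-dgram() */
    if (fd < 0)
        return PROBE_ERROR;
    /* ECONNREFUSED: the socket file exists but no process is bound to it. */
    if (sendto(fd, msg, sizeof(msg) - 1, 0, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        result = errno == ECONNREFUSED ? PROBE_NO_LISTENER : PROBE_ERROR;
    close(fd);
    return result;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "missing", "not a socket", "no listener", "error" };
    const char *path = argc > 1 ? argv[1] : "/public_ftp/PVG/dev/log";
    enum probe r = probe_devlog(path);
    printf("%s: %s\n", path, names[r]);
    return r == PROBE_OK ? 0 : 1;
}
```

Run it as root after restarting syslog-ng; an "ok" result should be followed by a devlog-probe line in the destination file named in the log statement.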