no sshd log

hezry79 · March 29, 2006, 9:49pm

[solaris x86.]

My ssh log appear to the screen which i want it to be log to /var/log/sshd.log

how to log the sshd to /var/log?

ahmad_one · March 29, 2006, 10:46pm

use syslog from this file /etc/syslog.conf

hezry79 · March 30, 2006, 4:44am

I try to test as the link but couldnt works...my configuration as below

this is my syslog.conf

bash-2.03$ vi /etc/syslog.conf 
"/etc/syslog.conf" [Read only] 37 lines, 1035 characters 
#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines w{ll use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
)

and this part of my sshd_config

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

and in my /var/log only contain this:
bash-2.03# ls -l
total 4
-rw------- 1 root sys 0 Mar 28 15:18 authlog
-rw-r--r-- 1 root sys 1357 Mar 30 10:00 syslog
bash-2.03#

hezry79 · March 30, 2006, 10:16am

any idea?..........................

dsbeerf · April 11, 2006, 2:24pm

In MY /etc/syslog.conf, I have something telling the 'AUTH' messages where to 'go':

auth.info <tab><tab><tab> ifdef(`LOGHOST', /var/log/authlog, @loghost)

If I do NOT have the machine 'loghost' defined on my network, AND I want all my 'logs' written locally,
I add an "alias" for 'THIS' machine as loghost in /etc/hosts.

If you have an entry in /etc/hosts for your machine that looks like this:

10.232.232.123 myhost.mydomain.com myhost

Then ADD 'loghost' to make the entry look like:

10.232.232.123 myhost.mydomain.com myhost loghost

THAT way, all your logs will stay on 'this' machine.

This should also work for you. Make SURE the 'whitespace' between columns are TABS, not 'spaces'.
There should be *NO* spaces between columns in /etc/syslog.conf.

Also, I do a:

touch /var/log/authlog

To make sure the file is there for syslog to write to, although I am NOT sure if this is necessary.

nadamac · April 1, 2009, 10:04am

just add the following line into the /etc/syslog.conf

auth.info /var/log/authlog

and restart syslog service by
svcadm restart svc:/system/system-log:default
after that you may test ssh connections and their log
should be in /var/log/authlog