Logging, Syslog and Log Analysis Forums
Author Topic: Logging ssh access attempts  (Read 410 times)
Kreno
« on: February 19, 2010, 09:10:22 am »

Hello all,

I would like to log ssh log-in attempts to a Cisco router, a Cisco ASA and two OpenSolaris computers into a separate file. Does anybody have an example of how to achieve it? Currently syslog-ng is configured so that all data is stored in one file.

Thank you and kind regards,
 M
Admin
« Reply #1 on: February 19, 2010, 10:25:16 am »

Code:

source s_net { udp(); };
destination d_hosts {
   file("/var/log/$HOST.log");
  };
log { source(s_net); destination(d_hosts); };

That will put the messages from each host into a separate file. 
Kreno
« Reply #2 on: February 21, 2010, 05:30:43 am »

I have all hosts in separate log files. What I would like to achieve is that only ssh attempts would be logged into, for example, an ssh-log.log file.
Admin
« Reply #3 on: February 21, 2010, 01:53:52 pm »

Try this:
Code:
source s_net { udp(); };
# Keep only messages that contain the string "ssh"
filter f_ssh { match("ssh"); };
destination d_hosts { file("/var/log/$HOST.log"); };
log { source(s_net); filter(f_ssh); destination(d_hosts); };

This will only log events that contain the string "ssh" to the files.  You may need to adjust the filter based on what events you want to see.
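
An added example, not part of the original replies: a syslog-ng fragment that collects SSH-related messages from all hosts into the single /var/log/ssh-log.log file asked for in the thread, while keeping the per-host files. It assumes syslog-ng 3.x syntax (value() and flags()); the names f_ssh_any and d_ssh are hypothetical, and the idea that the Cisco devices write "SSH" in upper case is an assumption to check against your own logs.

```conf
# Added example (assumes syslog-ng 3.x; merge into an existing configuration).
source s_net { udp(); };

# Filter from the reply above: a case-sensitive regular expression, so a
# message that only contains "SSH" in upper case would not match it.
# filter f_ssh { match("ssh"); };

# Hypothetical wider filter:
#  - program("sshd") catches sshd lines whose text never mentions "ssh"
#    (for example some authentication failure messages);
#  - the case-insensitive match on the message text catches devices that
#    write "SSH" in upper case (assumed here for the Cisco router and ASA).
filter f_ssh_any {
    program("sshd")
    or match("ssh" value("MESSAGE") flags("ignore-case"));
};

# One file for SSH events from every host, as requested in the thread.
destination d_ssh { file("/var/log/ssh-log.log"); };

# Per-host files from the first reply, kept unchanged.
destination d_hosts { file("/var/log/$HOST.log"); };

# SSH events go to the dedicated file ...
log { source(s_net); filter(f_ssh_any); destination(d_ssh); };

# ... and every message, SSH or not, still goes to its per-host file.
log { source(s_net); destination(d_hosts); };
```

A substring match on "ssh" also catches unrelated messages that merely contain those letters, so review the resulting file and narrow the pattern to the exact message text your devices emit.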