Bug 61829 - logwatch's sshd filter should scan secure logs
logwatch's sshd filter should scan secure logs
Product: Red Hat Linux
Classification: Retired
Component: logwatch (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
Depends On:
  Show dependency treegraph
Reported: 2002-03-24 19:13 EST by Ben Liblit
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-24 19:19:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch file implementing suggested LogFile directive change (315 bytes, patch)
2002-03-24 19:19 EST, Ben Liblit
no flags Details | Diff

  None (edit)
Description Ben Liblit 2002-03-24 19:13:14 EST
Line 243 of "/etc/log.d/scripts/services/sshd" searches for "Server listening
on" messages to count the number of times the ssh daemon was started.  Line 235
of the same file searches for "Received signal 15" messages to cound daemon

The default syslog configuration places these messages in /var/log/secure. 
However, in "/etc/log.d/conf/services/sshd.conf" we find only a single LogFile
directive, for the "messages" log.  Thus, logwatch never actually finds these
sshd startup messages.

Someone should add a second LogFile line to
"/etc/log.d/conf/services/sshd.conf", as follows:

   LogFile = secure

Note that the existing "LogFile = messages" line should be retained, as some
sshd messages do still go into that logfile group.
Comment 1 Ben Liblit 2002-03-24 19:18:51 EST
Actually, it appears that there are *no* useful sshd messages in the "messages"
logfile group.  They all go into the "secure" group.  So instead of adding a
LogFile line, you want to replace the existing one.  That is, on line 16 of
"/etc/log.d/conf/services/sshd.conf", change this:

    LogFile = messages

to this:

    LogFile = secure
Comment 2 Ben Liblit 2002-03-24 19:19:40 EST
Created attachment 50044 [details]
patch file implementing suggested LogFile directive change

Note You need to log in before you can comment on or make changes to this bug.