Bug 8630 - syslog doesn't log ssh after upgrade
Summary: syslog doesn't log ssh after upgrade
Status: CLOSED DUPLICATE of bug 7214
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sysklogd
Version: 6.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-01-19 19:25 UTC by jrs
Modified: 2014-03-17 02:12 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2000-02-01 19:37:32 UTC

Attachments (Terms of Use)

Description jrs 2000-01-19 19:25:47 UTC
Equipment: P133 running RH6.0 with a custom 2.2.10 kernel.

I recently installed several of the security patches for 6.0,
including  sysklogd-1.3.31-14. I followed the directions
carefully, but after restarting syslog, I found that it stopped
logging all ssh activity. The syslog continued to run (an
excerpt from /var/log/messages is provided below).

I found previous reports of this sort of behavior in Bugzilla,
but only for older 5.x versions of RH, and older versions of sysklogd.

Although it is almost always the wrong solution, I decided to see
if a reboot would cure the problem. It did.

It makes me suspect that there is a bug in one of the /etc/rc.d/init.d
scripts. For example, maybe another daemon (or maybe just sshd) needs
to be restarted when syslog gets restarted?

FYI: I am running ssh-1.2.27, compiled from source.
The contents of my default startups in /etc/rc.d/rc3.d:

Here's an extract from the log at the time of the upgrade

Jan 11 12:44:10 falstaff sshd[489]: log: Generating new 768 bit RSA key.
Jan 11 12:44:12 falstaff sshd[489]: log: RSA key generation complete.
Jan 11 12:47:10 falstaff kernel: Kernel logging (proc) stopped.
Jan 11 12:47:10 falstaff kernel: Kernel log daemon terminating.
Jan 11 12:47:11 falstaff syslog: klogd shutdown succeeded
Jan 11 12:47:12 falstaff exiting on signal 15
Jan 11 12:47:13 falstaff syslogd 1.3-3: restart.
Jan 11 12:47:13 falstaff syslog: syslogd startup succeeded
Jan 11 12:47:13 falstaff syslog: klogd startup succeeded
Jan 11 12:47:13 falstaff kernel: klogd 1.3-3, log source = /proc/kmsg
Jan 11 12:47:13 falstaff kernel: Inspecting /boot/System.map
Jan 11 12:47:14 falstaff kernel: Loaded 6563 symbols from /boot/System.map.
Jan 11 12:47:14 falstaff kernel: Symbols match kernel version 2.2.10.
Jan 11 12:47:14 falstaff kernel: Loaded 98 symbols from 6 modules.
Jan 11 12:51:43 falstaff lpd: lpd shutdown succeeded
Jan 11 12:51:44 falstaff lpd: lpd startup succeeded
Jan 12 11:06:08 falstaff PAM_pwdb[4848]: (su) session opened for user root
by jrs(uid=500)

There was plenty of (unlogged) ssh on this box at this time. As I said,
a reboot cured the problem, but my experience suggests that there's
still a bug somewhere that needs to be squashed.

Comment 1 Bill Nottingham 2000-01-21 06:23:59 UTC
When you say that you compiled ssh from source, it is *not* a version
compiled against libc5, correct?

Comment 2 Bill Nottingham 2000-02-01 19:37:59 UTC
*** This bug has been marked as a duplicate of 7214 ***

Comment 3 jrs 2000-02-01 19:53:59 UTC
Yes, ssh-1.2.27 is compiled against libc6.

I'm not so sure that this is really a duplicate of 7214.
My sendmail (which came from the RH6.0 rpm) continued logging.

When I repeated the experiment on an identically configured
AMD K6-3 box, I found that after upgrading sysklogd, I was
able to get sshd to resume logging simply by kicking it:

  kill -s SIGHUP <pid of currently running sshd>

Note You need to log in before you can comment on or make changes to this bug.