enable logging for SSH
[288 byte] By [implife] at [2007-11-26 9:57:44] 
HiI am trying to enable logging for SSH. Using sun 5.9. The SSH was preinstalled.The logging should be able to track who logs in, time and ip address. Is it possible to also track what each user has done?Any help would be appreciated.ThanksDarren
# 1
HiOn the sshd_config file, it needs to be edited and there is a section for LoggingThe Loglevel can be changed default would be INFORgdsHGNGopih at 2007-7-7 1:22:17 >
# 2
Hi GopihThanks for your help..My sshd_config already contains this line but i still don't see anything.# Syslog facility and levelSyslogFacility authLogLevel infoAlso, where would the logs be?is it in /var/log?thanksdarrenimplife at 2007-7-7 1:22:17 >
# 3
Hi, Check your syslog configuration file and restart/reload SSH daemon. If this doesn't work add this line into syslog.conf:auth.info/var/adm/auth.log So ssh logging will go into above file.-- jbravojbravopl at 2007-7-7 1:22:17 >
# 4
.. also, after adding the lines to your syslog.conf, ensure that the file exists and then restart the syslog daemon (using, for example, /etc/init.d/syslog stop /etc/init.d/syslog start ) 7/M.mAbrante at 2007-7-7 1:22:17 >
# 5
it works.. thanks for both your help.. I was missing the start stop part.however, is there anywhere where by i can track what that particular user does? like if he created or edited a file or the commands ran?would using auth.debug help?implife at 2007-7-7 1:22:17 >
# 6
No, auth.debug would not help.
As far as I know, theres no facility in ssh to track what happens in an ssh session.
Just the logins.
I theory you can change the users shell into something logs the session.
Possibly something scripted with the "script" command.
But it would be non trivial.
robertcohen at 2007-7-7 1:22:17 >
# 7
Hi Robert, mAbrante and jbravopl Thanks for your help.. Much appreciated.anyone know of any other way then scripting?implife at 2007-7-7 1:22:17 >
# 8
There is a Solaris utility called Auditing, it might be able to do that kind of things, however i'm not 100% sure, but i think it would be worth looking into. 7/M.mAbrante at 2007-7-7 1:22:17 >
# 9
oh... will do.. thanks....implife at 2007-7-7 1:22:17 >
Solaris Operating System New Topic
Solaris Operating System Hot Topic
- How to synchronize cmos date?
- V490 sol8 no disks found
- jumpstart, lofiadm, and setup_install_server
- Solaris S10 U2 (06/06) 32bit and 64bit download version
- Sun Cluster 3.1u4 on Solaris 10 6_06 Sparc with native Sun iSCSI initiator.
- Solaris 10 Installation
- Enable ftp/telnet Solaris 10
- help me please no internet connection solaris 10
Solaris Operating System
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding