Nothing being written to /var/log/authlog
As root user I've edited the syslog.conf, unhashing the line
auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
I ran the command kill -HUP 'cat /etc/syslog.pid'
But nothing is being written to the /var/log/authlog file. I then changed the permission from
-rw- 1 root sys 0 Apr 3 2005 /var/log/authlog
to
-rwxrwxrwx 1 root sys 0 Apr 3 2005 /var/log/authlog
and did the kill -HUP command again.
Can you suggest why this isn't working? It's worked on other boxes I've done this on. Any suggestion would be gratefully received.
# 1
What do you have that could be trying to write there, ssh perhaps?
Change the lines that might be something like -
#SyslogFacility <somevalue>
#LogLevel <somevalue>
to
SyslogFacility AUTH
LogLevel INFO
Restart sshd
and then try to inbound connect, but you'll also need to create some error condition, like killing the ssh client on the initiating side; then it should show something in your log:
Jul 13 09:00:04 hostname sshd[pidhere]: fatal: Read from socket failed: Connection reset by peer
The other obvious things are: make sure syslog is running, /var is less than 90% full, and loghost isn't externally defined to a different machine. - jeff
# 2
The easiest way to check syslog is using the "logger" command.
Try:
logger -p auth.notice This is a test
It should show up in authlog, if not, there is probably a problem with your ifdef.
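Added example, not part of the thread: a shell script that checks whether the auth.notice rule in a syslog.conf is active and, if it sits inside the ifdef, whether loghost points at this machine or at another one. It assumes loghost is resolved from the hosts file only (no NIS or DNS); the function names and the sample addresses in any test input are made up for the example.

```shell
#!/bin/sh
# Added example. Usage: sh <this script> <syslog.conf> <hosts file> <hostname>

# Print the active (not commented out) rules that select auth.notice.
active_auth_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep 'auth\.notice'
}

# Succeed if the hosts file lists "loghost" on the same line as hostname $2.
# Assumption: loghost is resolved from this file only (no NIS/DNS).
loghost_is_local() {
    while read -r addr names; do
        case $addr in ''|'#'*) continue ;; esac
        lh=0 me=0
        for n in ${names%%#*}; do   # unquoted on purpose: split on blanks
            [ "$n" = loghost ] && lh=1
            [ "$n" = "$2" ] && me=1
        done
        [ "$lh$me" = 11 ] && return 0
    done < "$1"
    return 1
}

# Say where auth.notice messages end up. Args: syslog.conf hosts hostname
auth_destination() {
    rule=$(active_auth_rules "$1") || { echo no-active-rule; return 1; }
    case $rule in
        *ifdef*LOGHOST*)
            # syslogd takes the first ifdef branch only when loghost is local
            if loghost_is_local "$2" "$3"; then echo local-file
            else echo forwarded-to-loghost; fi ;;
        *) echo unconditional ;;
    esac
}

if [ $# -eq 3 ]; then auth_destination "$@"; fi
```

A result of forwarded-to-loghost means the messages are sent to the other machine and the local /var/log/authlog stays empty even though the rule is active.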