kamikaze04
Guru
Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain
|
 Posted: Tue Oct 18, 2005 10:33 am Post subject: rssh and syslog-ng (open) |
 |
|
Hello,
I've just installed in my server rssh, to give some users sftp and scp without giving them a shell. The program really works great, but i am a little bit worried/angry with the log of this users.
I've set up in /etc/rssh.conf the facility: logfacility auth, and in my auth.log (i'm running syslog-ng) i get this if some of that users login via sftp:
| Code: |
Oct 18 12:20:57 golola sshd[2609]: Accepted keyboard-interactive/pam for xxxxxx from 81.203.155.228 port 2212 ssh2
Oct 18 12:20:57 golola sshd[2612]: (pam_unix) session opened for user xxxxxx by (uid=0)
Oct 18 12:20:57 golola sshd[2612]: subsystem request for sftp
Oct 18 12:20:57 golola rssh[2613]: setting log facility to LOG_AUTH
Oct 18 12:20:57 golola rssh[2613]: allowing scp to all users
Oct 18 12:20:57 golola rssh[2613]: allowing sftp to all users
Oct 18 12:20:57 golola rssh[2613]: setting umask to 022
Oct 18 12:24:46 golola sshd[2612]: (pam_unix) session closed for user xxxxxx
|
The thing is that i would like to log somehow with syslog-ng (maybe in a separate log), which users are logging in and out via sftp. the problem is that rssh does not say in any of his lines which user is logging in.
Hope i have explained myself. If you have any idea of how logging this, please let me know, it would be very useful.
Thanks a lot.
_________________
Todo lo que quisiste saber sobre google en: www.noticiasgoogle.es |
|
Networking & Security
