Change sshd log file location on CentOS?

How do I change the sshd log file location on CentOS? sshd logs to /var/log/messages instead of /var/log/secure. How can I change the settings so that sshd stops sending logs to /var/log/messages?

Answer 1

Please post your sshd_config; everything else seems to be in order. A stock CentOS system always logs to /var/log/secure.

Example

$ sudo tail -f /var/log/secure
Feb 18 23:23:34 greeneggs sshd[3545]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Feb 18 23:23:36 greeneggs sshd[3545]: Failed password for root from ::1 port 46401 ssh2
Feb 18 23:23:42 greeneggs unix_chkpwd[3555]: password check failed for user (root)
Feb 18 23:23:42 greeneggs sshd[3545]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Feb 18 23:23:43 greeneggs sshd[3545]: Failed password for root from ::1 port 46401 ssh2
Feb 18 23:23:48 greeneggs sshd[3545]: Accepted password for root from ::1 port 46401 ssh2
Feb 18 23:23:48 greeneggs sshd[3545]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 18 23:24:05 greeneggs sshd[3545]: Received disconnect from ::1: 11: disconnected by user
Feb 18 23:24:05 greeneggs sshd[3545]: pam_unix(sshd:session): session closed for user root
Feb 18 23:27:15 greeneggs sudo:     saml : TTY=pts/3 ; PWD=/home/saml ; USER=root ; COMMAND=/bin/tail /var/log/secure

This is controlled through /etc/ssh/sshd_config:

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

And by the following in /etc/rsyslog.conf:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

Your issue

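In one of your comments you mentioned that your rsyslogd configuration file is named /etc/rsyslog.config. That is not the correct name for this file, and it is probably the reason your logging is failing. Rename this file to /etc/rsyslog.conf, then restart the logging service.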

$ sudo service rsyslog restart

Answer 2

The default sshd syslog facility is AUTH, so it will be logged by syslog to /var/log/messages.

To log sshd to a new file, you can change its syslog facility to something else and then configure syslog to log this new facility to a new file, i.e.:

In sshd_config, add the following line:

SyslogFacility AUTHPRIV

Then in syslog.conf:

authpriv.* /var/log/secure
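
Added example (not part of either answer, and not code from sshd or rsyslog): a small Python check that reads the effective SyslogFacility from sshd_config text and evaluates the traditional rsyslog selectors quoted above to report which files receive sshd messages. The helper names and sample inputs are constructed for illustration; only plain `facility.priority` selectors, `*` and `none` are evaluated.

```python
import re
# Added example: helper names below are illustrative, not from sshd or rsyslog
LEVELS = "debug info notice warning err crit alert emerg".split()  # low to high

def sshd_facility(sshd_config_text):
    """Effective SyslogFacility: sshd keeps the first value it reads, default AUTH."""
    for line in sshd_config_text.splitlines():
        m = re.match(r"\s*SyslogFacility[\s=]+(\w+)", line, re.I)
        if m:
            return m.group(1).lower()
    return "auth"

def selector_matches(selector, facility, level):
    """Evaluate a traditional selector such as '*.info;authpriv.none'."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().lower().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":        # explicit exclusion of this facility
            matched = False
        elif prio == "*":
            matched = True
        elif prio in LEVELS:      # "facility.level" means that level or higher
            matched = LEVELS.index(level) >= LEVELS.index(prio)
        # ASSUMPTION: '=' / '!' modifiers and level aliases are not evaluated
    return matched

def destinations(rsyslog_text, facility, level="info"):
    """File targets that receive a message with this facility and level."""
    out = []
    for line in rsyslog_text.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0].startswith(("#", "$")):
            continue
        selector, action = fields[0], fields[1].lstrip("-")  # '-' = no sync
        if action.startswith("/") and selector_matches(selector, facility, level):
            out.append(action)
    return out

# Constructed inputs, built from the excerpts quoted in the answers above
RSYSLOG_CONF = """\
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
"""
SSHD_STOCK = "#SyslogFacility AUTH\nSyslogFacility AUTHPRIV\n#LogLevel INFO\n"
SSHD_UNSET = "#SyslogFacility AUTH\n#LogLevel INFO\n"
if __name__ == "__main__":
    for cfg in (SSHD_STOCK, SSHD_UNSET):
        print(sshd_facility(cfg), "->", destinations(RSYSLOG_CONF, sshd_facility(cfg)))
```

To check a real host, pass the contents of /etc/ssh/sshd_config and /etc/rsyslog.conf to the same functions in place of the constructed strings.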
