I log sshd session in a file called /var/log/sshd.log and here’s how I do
it:
1. touch /var/log/sshd.log
2. edit your /etc/syslog.conf and add the lines
!sshd
*.* /var/log/sshd.log
3. killall -HUP syslogd
The sshd will now log stuff into /var/log/sshd.log. Edit your
/etc/ssh/sshd_config file to determine what gets logged. By default, the following lines are in sshd_config for sylog logging:
SyslogFacility AUTH
LogLevel INFO
Change as necessary, more details are in the sshd manpage.
Recent Comments