[H-GEN] How does one configure ssh/sshd to send log entries to a log file on a remote server?

[Greg Black]

On 2008-04-09, List Puppy wrote:

> I'm pretty sure this is quite simple to achieve, I just haven't found
> anything in man pages that gives me appropriate clues. :-(

Maybe you didn't try the right man pages.

> I have a situation where a number of small cron jobs run every few
> minutes.  These jobs use ssh to 'talk' to other boxes on the network.
> Even with loglevel set to its lowest, there is a log entry generated
> for every ssh connection made.  The /var partition is relatively
> small, so can fill very quickly.
> 
> For lots of reasons, we don't want to stop logging altogether, and we
> can't increase the /var partition.  We can make a large partition
> available on a network server to accept logging information from other
> servers.
> 
> One suggestion made was to simply delete the /var/log/secure file when
> it was too big.  That was rejected outright, as most of you would no
> doubt understand.

The sshd program usually uses the system syslog facility for logging and
so the solution is to read the man page for the syslog.conf file on your
systems.  Generally, you have the option to log to another host rather
than local files.  Of course, you need to run syslog ont he remote host
to accept logging from your sshd host.

Greg