[H-GEN] How does one configure ssh/sshd to send log entries to a log file on a remote server?
James C. McPherson
James.C.McPherson at gmail.com
Tue Apr 8 21:19:59 EDT 2008
List Puppy wrote:
> I'm pretty sure this is quite simple to achieve, I just haven't found
> anything in man pages that gives me appropriate clues. :-(
>
> I have a situation where a number of small cron jobs run every few
> minutes. These jobs use ssh to 'talk' to other boxes on the network.
> Even with loglevel set to its lowest, there is a log entry generated
> for every ssh connection made. The /var partition is relatively
> small, so can fill very quickly.
>
> For lots of reasons, we don't want to stop logging altogether, and we
> can't increase the /var partition. We can make a large partition
> available on a network server to accept logging information from other
> servers.
On your client hosts, set loghost to the server where you've
got the larger partition, then setup syslog on your server
box to accept connections from your client boxes (and make
sure the server host thinks it is its own loghost :>). HUP
syslog on each system ... it should all just happen automagically.
If you're running Solaris or Solaris Express, you'd want
to ensure that the property "config/log_from_remote" is
set to true before restarting syslog on the server system.
James C. McPherson
--
Solaris kernel software engineer, system admin and troubleshooter
http://www.jmcp.homeunix.com/blog
http://blogs.sun.com/jmcp
Find me on LinkedIn @ http://www.linkedin.com/in/jamescmcpherson
More information about the General
mailing list