Separate SSHD Authpriv logs into /var/log/sshd, all other authpriv logging goes to messages

Unix & Linux Asked by Gregg Leventhal on December 6, 2021

Right now, sshd is using the authpriv facility. The level of logging is fine, but I don’t want it in the syslog, I want it to go to /var/log/sshd (which doesn’t yet exist) on Red Hat Linux/Enterprise Linux. authpriv is configured to go to syslog by syslogd.conf. Do I need to change the facility on sshd to local2 (or any other unused local) for instance, and then direct local2 to /var/log/sshd or is there a better way?

One Answer

Using rsyslog you can set up a filter to redirect the log messages:

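# Write sshd's authpriv messages to their own file
if $syslogfacility-text == 'authpriv' and $programname == 'sshd' then
    action(type="omfile" file="/var/log/sshd")
# Discard sshd messages so later rules do not log them again ("stop" replaces the deprecated "~")
if $programname == 'sshd' then stop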

Answered by doneal24 on December 6, 2021
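
One way to deploy and verify the filter from the answer above, as an added example that is not part of the original answer: it writes the rule as a drop-in with a root-only file mode, checks the syntax, and sends one test message. Assumptions: the drop-in name 10-sshd.conf, the helper names, a systemd host, and an rsyslog.conf that includes /etc/rsyslog.d/*.conf before its default rules; the rule is a variant that stops only the authpriv messages from sshd.

```shell
#!/bin/sh
# Added example, not from the original answer. The file name 10-sshd.conf and
# the function names are assumptions made for illustration.

# Write the drop-in into directory $1 and print its path.
write_sshd_rule() {
    conf="$1/10-sshd.conf"
    cat > "$conf" <<'EOF'
# sshd authpriv messages go to their own file, created readable by root only,
# then processing stops so the later authpriv.* and *.info rules never see them.
if $syslogfacility-text == 'authpriv' and $programname == 'sshd' then {
    action(type="omfile" file="/var/log/sshd" fileCreateMode="0600")
    stop
}
EOF
    printf '%s\n' "$conf"
}

# Validate the configuration, restart rsyslog and confirm that a constructed
# test message tagged "sshd" on authpriv arrives in /var/log/sshd.
apply_and_test() {
    rsyslogd -N1 || return 1              # syntax check only, nothing is started
    systemctl restart rsyslog || return 1 # assumption: systemd-managed rsyslog
    logger -p authpriv.info -t sshd "rsyslog routing test (constructed)"
    sleep 1
    grep -q "rsyslog routing test" /var/log/sshd
}

# Only touch the system when explicitly asked to (run as root).
if [ "${1:-}" = "--install" ]; then
    write_sshd_rule /etc/rsyslog.d >/dev/null &&
        apply_and_test &&
        echo "sshd log routing OK"
fi
```

After a successful run, the test message should appear in /var/log/sshd and not in the file that receives the remaining authpriv messages.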
