Configuring syslog-ng


I’ve recently configured a new file transfer server based on SLES 10. This replaces an aging NetWare 6.5 server. I have it configured for file transfers via FTP (using vsftpd) and SFTP. FTP uses tcp-wrappers to limit external access via IP address. Both FTP and SFTP users are chroot’d to their home directories. To get this working, I had to install install OpenSSH 5.2 (and pre-requsites); the older version of OpenSSH included with SLES 10 does not support chroot directly. I followed DamianMyerscough‘s excellent series on SSH to get this working:

SSH (Secure Shell) Tricks III

I also found the following article very helpful:
Setup of a chroot’d SFTP only server

The server went live about a week ago, and everything seemed good. Unfortunately, despite my advanced notice and repeated requests for testing from the user groups, it really wasn’t working at all. That is, it was working fine internally (via FTP), but file transfers from an outside vendor (using SFTP) were not working.

Of course, this is when I really discovered that logging was an issue. While vsftpd worked great and provided full file transfer details, I was only getting connection information from SSH and SFTP. Clearly this needed to be fixed. But, as usual, it wasn’t as straightforward as it sounded. (Every time I think I am getting somewhere with Linux, I discover how much I just don’t know yet.)

The long and short of the story is that I do have it working, after about a day and a half. And I now know more about the configuration of syslog-ng than I ever wanted to (In fact, I didn’t even know what syslog-ng was before yesterday).

And, again, DamianMyerscough was my rescuer. He is rapidly becoming my favourite Novell Communities author. At any rate, he posted an article last year about getting SSH to log somewhere other than /var/log/messages. This got me pointed in the right direction to configuring syslog-ng to get the logging working properly. I have entered my solution at the end of the article:

Syslog-ng – SSH Logging

Some other articles that helped me get this working (I like to give credit where I can):
/var/log/messages internal-sftp time stamp problem
syslog-ng, chroot environments & Solaris
Syslog-ng.conf Examples

(Visited 1 times, 1 visits today)


  • trixie1982 says:

    Thanks for the Links, helped me !!!!