Extended Server Logging Patch

Chris Rapier rapier at psc.edu
Fri Nov 16 06:33:09 EST 2007


On the request of a coworker looking for more information about our SSH 
users I developed a patch that provides extended logging capability for 
SSHD. Its been written with an eye towards machine parsing. This patch 
will write the following information to the standard system log:

remote ip, remote port, & remote user name
protocol number and client version information
Encryption method, MAC method and compression
Bytes transferred including packet headers and messages (I think I'm 
collecting most of it)
Duration of connection, throughput in both directions.

So far they've found it useful with no reported problems.

Its a bit on the larger side (15k) so I'll just provide a link to the 
patch. If anyone has any comments or suggestions please let me know.

http://www.psc.edu/networking/projects/hpn-ssh/openssh4.7-server-logging.diff

Sample log data can be found here

http://www.psc.edu/networking/projects/hpn-ssh/logging-sample-output.html

This patch is made against the mainline code base but it does patch 
cleanly against hpn12v19. This patch and the previously mentioned 
progress bar patch can both be found at

http://www.psc.edu/networking/projects/hpn-ssh


Chris Rapier


More information about the openssh-unix-dev mailing list