Extended Server Logging Patch
Chris Rapier
rapier at psc.edu
Fri Nov 16 06:33:09 EST 2007
On the request of a coworker looking for more information about our SSH
users I developed a patch that provides extended logging capability for
SSHD. Its been written with an eye towards machine parsing. This patch
will write the following information to the standard system log:
remote ip, remote port, & remote user name
protocol number and client version information
Encryption method, MAC method and compression
Bytes transferred including packet headers and messages (I think I'm
collecting most of it)
Duration of connection, throughput in both directions.
So far they've found it useful with no reported problems.
Its a bit on the larger side (15k) so I'll just provide a link to the
patch. If anyone has any comments or suggestions please let me know.
http://www.psc.edu/networking/projects/hpn-ssh/openssh4.7-server-logging.diff
Sample log data can be found here
http://www.psc.edu/networking/projects/hpn-ssh/logging-sample-output.html
This patch is made against the mainline code base but it does patch
cleanly against hpn12v19. This patch and the previously mentioned
progress bar patch can both be found at
http://www.psc.edu/networking/projects/hpn-ssh
Chris Rapier
More information about the openssh-unix-dev
mailing list