Selective and efficient logging of auth/connection information

Peter Stuge peter at stuge.se
Fri Sep 18 22:22:32 EST 2009


Christian Winter wrote:
> aim is to circumvent expensive and delayed mechanisms like
> tail()ing syslog to get to the required info

> and be able to take appropriate action (like blocking
> a host via the firewall) as quick as possible.
>
> So I thought about implementing a simple daemon that listens on a
> Unix Fifo and gets fed

The above is exactly what syslog does. There are many different
syslogds out there, I particularly like syslog-ng because it's easy
to create filters, and it can log selectively to pipes. This makes it
very easy to accomplish what you want.


> the necessary parts from opensshd in a concise single-line format.

So this would be the real addition - that sshd contains policy on
what the system should do.

This has been brought up several times, and always rejected for good
reason; it's not the job of sshd to implement e.g. a firewall policy.


//Peter
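
Added illustration, not part of the original mail and not OpenSSH or syslog-ng code: a small reader for the pipe approach described above, which keeps the blocking decision outside sshd. It assumes the syslogd writes sshd lines of the usual "Failed password for ... from <addr> port <n> ssh2" form to a FIFO; the class and function names, the threshold and the window are illustrative choices.

```python
import ipaddress
import re
import sys
import time
from collections import defaultdict, deque

# Anchored at end of line: only the "from <addr> port <n>" that sshd appends
# is read as the source, never text from the remote-supplied user name.
FAILURE = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?.+"
                     r" from (?P<ip>\S+) port \d+(?: ssh\d?)?\s*$")

class FailureTracker:
    """Flag a source once it has `threshold` failures within `window` seconds."""
    def __init__(self, threshold=3, window=60.0):
        self.threshold, self.window, self.flagged = threshold, window, set()
        self.seen = defaultdict(lambda: deque(maxlen=threshold))  # ip -> last times

    def feed(self, line, now):
        m = FAILURE.search(line)
        if not m:
            return None
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:   # not a literal address, so nothing safe to act on
            return None
        times = self.seen[ip]
        times.append(now)
        hit = len(times) == self.threshold and now - times[0] <= self.window
        if not hit or ip in self.flagged:
            return None
        self.flagged.add(ip)
        return ip   # reported once, the first time the threshold is reached

# Constructed sample: (arrival time in seconds, log line); documentation addresses.
SAMPLE = [
    (0.0, "Sep 18 22:20:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2"),
    (1.0, "Sep 18 22:20:02 host sshd[412]: Accepted publickey for alice from 198.51.100.7 port 5100 ssh2"),
    (2.0, "Sep 18 22:20:03 host sshd[413]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2"),
    (3.0, "Sep 18 22:20:04 host sshd[414]: Failed password for root from 192.0.2.10 port 4023 ssh2"),
]

def scan(timed_lines, **kw):   # lazily yields each source as it gets flagged
    tracker = FailureTracker(**kw)
    return (ip for now, line in timed_lines if (ip := tracker.feed(line, now)))

if __name__ == "__main__":   # stdin redirected from the FIFO: live; terminal: sample
    live = ((time.monotonic(), line) for line in sys.stdin)
    for ip in scan(SAMPLE if sys.stdin.isatty() else live):
        print(ip, flush=True)   # the reader of this output owns the blocking policy
```

The script only prints flagged addresses; acting on them is left to whatever component holds the firewall policy.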

