[Bug 2082] Please add pubkey fingerprint to authentication log message
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Apr 13 00:04:54 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2082
Gabor K Horvath <gahorvath at npsh.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gahorvath at npsh.hu
--- Comment #3 from Gabor K Horvath <gahorvath at npsh.hu> ---
(In reply to comment #2)
> It's a bit awkward to have to parse multiple lines including keeping
> context (the pid) to see if a user possible logged in or not :/ (and
> most scripts just do it wrong).
I have to agree.
The fact that it's a multi line log entry makes it more difficult to
parse. This is a concern for everyone doing log analysis (with a SIEM
for example).
If I turn on the verbose option, I break the existing parsers for
openSSH logs. All those are usually single line events. This is a
multi-line event.
Besides using the verbose option makes sshd a lot more chatty, having
the key fingerprint on the log in line would be a lot nicer.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list