Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
Douglas E Engert
deengert at gmail.com
Sat Sep 25 01:57:33 AEST 2021
On 9/24/2021 10:03 AM, Hildegard Meier wrote:
> Thanks, this sounds interesting and maybe in this direction could be the solution? But I do not understand you precisely.
>
>> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };
> You mean there should be
> /var/data/chroot/<username>/dev/hostname1/log
> /var/data/chroot/<username>/dev/hostname2/log
>
The point is each application's syslog library will write to /dev/hostnameX/log or, if running in chroot,
var/data/chroot/<username>/dev/hostnameX/log
Thus each server has its own lock for each user.
So any lock done while the application is running in chroot will lock on a different file.
>
>> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)
> You mean there should be the Symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname1/log
>
Symlink may not be needed. I was referring to a symlink when not using the chroot.
>
>> Do the above for second server, hostname2, use /dev/<hostname2>/log
>
> It would not be possible to have a Symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
>
> since /var/data/chroot/<username>/dev/log is already a Symlink to /var/data/chroot/<username>/dev/hostname1/log
> (see first step), and it is the same NFS filesystem.
>
>
>
>> Sent: Friday, 24 September 2021 at 16:08
>> From: "Douglas E Engert" <deengert at gmail.com>
>> To: openssh-unix-dev at mindrot.org
>> Subject: Re: Howto log multiple sftpd instances with their chroot shared via NFS
>>
>> On 9/21/2021 4:49 AM, Hildegard Meier wrote:
>>
>>>
>>> How can I get the sftp user's activity be logged on each sftp server, when a user logs in to that server, while the user's home is shared on both servers via NFS?
>>
>> based on:
>> https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/88
>>
>> This might work for a few sftp servers.
>> On first server, hostname1, use /dev/<hostname1>/log for all its default logging and its normal syslog-ng.conf and for the special
>> syslog-ng.conf:
>> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };
>> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)
>>
>> Do the above for second server, hostname2, use /dev/<hostname2>/log
>>
>> Then add these to the chroot directories in NFS:
>> /var/data/chroot/<username>/dev/<hostname1>/log
>> /var/data/chroot/<username>/dev/<hostname2>/log
>>
>> This should cause hostname1 to lock on /var/data/chroot/<username>/dev/<hostname1>/log
>> and hostname 2 to lock on /var/data/chroot/<username>/dev/<hostname2>/log
>> because the syslog-ng does not really look at the syslog-ng.conf in the chroot.
>>
>
> .
>
--
Douglas E. Engert <DEEngert at gmail.com>
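
The per-host socket layout proposed in this message, as an added example that is not part of the original post: a shell function that creates `<base>/<username>/dev/<hostname>/` in every chroot and prints the matching syslog-ng source lines for the local host. The function name, the username filter and the output path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: one syslog-ng source per chrooted user, each bound to a
# socket in a directory named after the local host, so that servers sharing
# the chroot tree over NFS never use the same socket path.
# Layout <base>/<username>/dev/<hostname>/log is taken from the thread;
# gen_chroot_sources and its input checks are hypothetical.

gen_chroot_sources() {
    base=$1    # e.g. /var/data/chroot (shared between the sftp servers)
    host=$2    # e.g. "$(hostname -s)"; must differ on every server

    # The host name becomes a path component, so reject anything unexpected.
    case $host in
        ''|*[!A-Za-z0-9_-]*) echo "bad host name: $host" >&2; return 1 ;;
    esac

    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")
        # Directory names end up inside the generated config: accept only
        # names that are safe in an identifier and in a quoted string.
        case $user in
            *[!A-Za-z0-9_]*) echo "skipping $user" >&2; continue ;;
        esac
        # syslog-ng binds the socket when it starts; the directory must exist.
        mkdir -p "$base/$user/dev/$host" || return 1
        printf 'source s_chroot_%s { unix-stream("%s/%s/dev/%s/log" optional(yes)); };\n' \
            "$user" "$base" "$user" "$host"
    done
    return 0
}

# Usage on each server (output path is an assumed location):
#   gen_chroot_sources /var/data/chroot "$(hostname -s)" \
#       > /etc/syslog-ng/conf.d/chroot-sources.conf
```

Run it on each server separately; the generated file differs per host, while the directories it creates all live side by side in the shared chroot tree.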