Message-ID: <31495952.post@talk.nabble.com>
Date: Thu, 28 Apr 2011 05:29:24 -0700 (PDT)
From: Fokke Nauta
To: cygwin AT cygwin DOT com
Subject: Re: Enable logging remote ssh contacts
In-Reply-To: <4DB889D9.2070703@laposte.net>

Cyrille Lefevre wrote:
>
>
> On 27/04/2011 20:49, Fokke Nauta wrote:
> Hi,
>
>> I don't have any ll in the shell. Not recognized.
>> So I can't see the
>> I have syslog-ng running. Should I replace that by autossh?
>
> syslogd must be started before sshd... does it ?
>
> let's try configuring both services differently :
>
> # backup the actual configuration
> cygrunsrv -VQ syslogd > syslogd.cfg
> cygrunsrv -VQ sshd > sshd.cfg
>
> # stop the services
> cygrunsrv -E syslogd
> cygrunsrv -E sshd
>
> # remove the services
> cygrunsrv -R syslogd
> cygrunsrv -R sshd
>
> # reconfigure the services using the .cfg parameters if different
>
> # -y tcpip may be added but in this case, sshd should depend on
> # syslogd sshd (see the alternative below)
> cygrunsrv -I syslogd -p /usr/sbin/syslogd \
>   -d "CYGWIN syslog daemon" -u LocalSystem -w ''
>
> # since tcpip doesn't start too early, syslogd has the time
> # to start before sshd does...
> cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
>   -d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w \
>   -y tcpip -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.
>
> # alternative, don't touch the syslogd service but provide it
> # as an sshd dependency...
> cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
>   -d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w \
>   -y tcpip -y syslogd -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.
>
> # start the services
> cygrunsrv -S syslogd
> cygrunsrv -S sshd
>
> although, permission check (under vista at least, don't know under XP)
>
> somebody AT somewhere /var/log
> v2$ ls -ld . messages
> drwxrwxrwx+ 1 somebody None 0 Mar 31 00:38 .
> -rw-rw-r--+ 1 SYSTEM root 3495748 Apr 3 15:26 messages
> ----------^ note the + here => acl
>
> somebody AT somewhere /var/log
> v2$ getfacl . messages
> # file: .
> # owner: somebody
> # group: None
> user::rwx
> group::rwx
> group:root:rwx
> group:SYSTEM:rwx
> mask:rwx
> other:rwx
> default:user::rwx
> default:group::rwx
> default:group:root:rwx
> default:group:SYSTEM:rwx
> default:group:Utilisateurs:r-x
> default:mask:rwx
> default:other:rwx
>
> # file: messages
> # owner: SYSTEM
> # group: root
> user::rw-
> group::rw-
> group:Utilisateurs:r-x
> mask:rwx
> other:r--
>
> at last, I prefer the VERBOSE log level over the info one :
>
> somebody AT somewhere /var/log
> v2$ grep Level /etc/sshd_config
> LogLevel VERBOSE
>
>
> Regards,
>
> Cyrille Lefevre
>
>

Hi Cyrille,

Thanks for your help and explanation.

For a beginning:
"syslogd must be started before sshd... does it ?"
It does. I can read the file /var/log/messages from the Cygwin shell and it gets filled with data. Hence the reason I did not follow your instructions, as I thought it was working all right. I was not able to open it from within Windows, so I installed cron and copy it every 10 minutes to a different location. I have since then been able to open that new file from Windows.
Problem: The action of copying also creates an entry in /var/log/messages. So that file is full of these entries.

What is the difference between LogLevel INFO and LogLevel VERBOSE in /etc/sshd-config?

My properties of /var/log/messages (and here lies the problem that the file is not accessible from within Windows):

ls -ld messages
-rw------- 1 SYSTEM root 47648 Apr 28 14:09 messages

getfacl messages
# file: messages
# owner: SYSTEM
# group: root
user::rw-
group::---
mask:rwx
other:---

Should I use chmod on /var/log/messages?

Regards,

Fokke
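
Added example, not part of the original message or of Cygwin: one way to handle the two issues raised above (the cron copy job filling /var/log/messages, and reading the log from elsewhere) is to export only the sshd login records to a separate file instead of changing the mode of the log itself. The syslog line layout, the sample lines and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumed layout: "Mon DD HH:MM:SS host tag: message" (tag in field 5).

# Constructed sample: cron copy-job noise mixed with sshd login records.
sample_log() {
cat <<'EOF'
Apr 28 14:00:01 winbox cron[2112]: (SYSTEM) CMD (cp /var/log/messages /tmp/messages.copy)
Apr 28 14:03:17 winbox sshd[3004]: Accepted password for fokke from 192.0.2.10 port 51234 ssh2
Apr 28 14:05:42 winbox sshd[3010]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Apr 28 14:10:01 winbox cron[2140]: (SYSTEM) CMD (cp /var/log/messages /tmp/messages.copy)
Apr 28 14:11:09 winbox sshd[3015]: Failed password for fokke from 198.51.100.7 port 40031 ssh2
EOF
}

# sshd_contacts [FILE...]: print "Mon DD HH:MM:SS result user source-ip"
# for every sshd login record; everything else (cron included) is dropped.
sshd_contacts() {
    awk '
    $5 ~ /sshd/ {
        if ($0 ~ /Accepted [^ ]+ for /)    result = "accepted"
        else if ($0 ~ /Failed [^ ]+ for /) result = "failed"
        else next
        user = ""; ip = ""
        for (i = 6; i < NF; i++) {
            if ($i == "for" && user == "") {
                # "for invalid user NAME" marks an unknown account
                if ($(i+1) == "invalid" && $(i+2) == "user") user = $(i+3)
                else user = $(i+1)
            }
            if ($i == "from") ip = $(i+1)
        }
        print $1, $2, $3, result, user, ip
    }' "$@"
}

# export_contacts SRC DEST: write the filtered view for reading elsewhere,
# readable by owner and group only, leaving the mode of SRC untouched.
export_contacts() {
    ( umask 027; sshd_contacts "$1" > "$2" )
}

# Demo on the constructed sample.
sample_log | sshd_contacts
```

Run from cron in place of the plain copy, export_contacts keeps the exported file free of the copy job's own entries.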