X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.6 required=5.0	tests=AWL,BAYES_00,FREEMAIL_FROM,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: sourceware.org
Message-ID: <31503455.post@talk.nabble.com>
Date: Fri, 29 Apr 2011 01:21:53 -0700 (PDT)
From: Fokke Nauta <fnauta AT solfon DOT nl>
To: cygwin AT cygwin DOT com
Subject: Re: Enable logging remote ssh contacts
In-Reply-To: <4DB9E086.30200@laposte.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
References: <31478200 DOT post AT talk DOT nabble DOT com> <20110426132128 DOT GA6293 AT jethro DOT local DOT lan> <31478748 DOT post AT talk DOT nabble DOT com> <4DB6E0EA DOT 8070901 AT cygwin DOT com> <31481290 DOT post AT talk DOT nabble DOT com> <ip7d1h$tt4$1 AT dough DOT gmane DOT org> <31484865 DOT post AT talk DOT nabble DOT com> <31485107 DOT post AT talk DOT nabble DOT com> <ip9h0a$39g$1 AT dough DOT gmane DOT org> <31490012 DOT post AT talk DOT nabble DOT com> <4DB889D9 DOT 2070703 AT laposte DOT net> <31495952 DOT post AT talk DOT nabble DOT com> <4DB9E086 DOT 30200 AT laposte DOT net>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com




Cyrille Lefevre wrote:
>=20
>=20
> Le 28/04/2011 14:29, Fokke Nauta a =C3=A9crit :
> Hi,
>> Thanks for your help and explanation.
>=20
> you're welcome...
>=20
>> For a beginning: "syslogd must be started before sshd... does it ?"
>> It does. I can read the file /var/log/messages from the Cygwin shell and
>> it
>> gets filled with data.
>=20
> right.
>=20
>> Hence the reason I did not follow your instructions as I thought it was
>> working allright.
>=20
> as you wich.
>=20
> <snip>
>=20
>> What is the difference between LogLevel INFO and LogLevel VERBOSE in
>> /etc/sshd-config?
>=20
> I'd like the following message which permit to identify the incoming=20
> connexion :
>=20
> Apr 25 23:35:03 pcvista sshd: PID 11500: Found matching DSA key:=20
> a5:44:9f:8e:2e:ea:76:7a:4f:6e:46:7f:08:25:67:6e
>=20
>> My properties of /var/log/messages (and here lies the problem that the
>> file
>> is not accessable from withing Windows):
>>
>> ls -ld messages
>> -rw------- 1 SYSTEM root 47648 Apr 28 14:09 messages
>>
>> getfacl messages
>> # file: messages
>> # owner: SYSTEM
>> # group: root
>> user::rw-
>> group::---
>> mask:rwx
>> other:---
>>
>> Should I use chmod on /var/log/messages?
>=20
> no, setfacl %-|
>=20
> (getfacl messages  | echo group:Users:r--) | setfacl -m -f - messages
>=20
> PS : replace Users by the equivalents group on your system (Utilisateurs=
=20
> in french under Vista, don't know under XP ?)
> well, the last one :
> v2$ id
> uid=3D1000(Cyrille) gid=3D513(None)=20
> groups=3D513(None),0(root),544(Administrateurs),545(Utilisateurs)
>=20
>=20
> Regards,
>=20
> Cyrille Lefevre
>=20

Hi,

I entered (getfacl messages  | echo group:Users:r--) | setfacl -m -f -
messages
and got as result: Segmentation fault (core dumped)

Here is the dump:
Exception: STATUS_ACCESS_VIOLATION at eip=3D611134F9
eax=3D00000000 ebx=3D61245B54 ecx=3D0000662D edx=3DFEFF0100 esi=3D61245B54
edi=3D00403F98
ebp=3D0022BFA8 esp=3D0022BF90 program=3DD:\cygwin\bin\setfacl.exe, pid 1712,
thread main
cs=3D001B ds=3D0023 es=3D0023 fs=3D003B gs=3D0000 ss=3D0023
Stack trace:
Frame     Function  Args
0022BFA8  611134F9  (61245B54, 0000003A, 0022BFD8, 6111452F)
0022BFD8  004015C5  (00000002, 61245B54, 0022C144, 000006B0)
0022C108  004018B0  (00000002, 61245B54, 0022C144, 0022CD44)
0022CD58  00401B8F  (61245B40, 00000000, 0022CD98, 61007038)
0022CD98  61007038  (00000000, 0022CDD4, 61006980, 7FFDD000)
End of stack trace

id gives:
uid=3D1003(Fokke Nauta) gid=3D513(None)
groups=3D513(None),0(root),544(Administrators),545(Users),1005(boinc_admins)

Now everything works fine except that every action of copying
/var/log/messages to /cygdrive/e/files/logs/cygwin/ssh.log generates an
entry in /var/log/messages. Is there any way to avoid that?

Regards,
Fokke

--=20
View this message in context: http://old.nabble.com/Enable-logging-remote-s=
sh-contacts-tp31478200p31503455.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple