You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a discussion in #oxide-q&a on 2023-03-08, it came up that our helios engvm doesn't have sshd authentication logging turned on by default. We should consider changing the default so that sshd auth logging is turned on.
Meanwhile, to do so manually:
Add the following to /etc/syslog.conf:
auth.info /var/log/authlog
(The separator MUST be a tab character, not spaces.)
Restart the syslog service: svcadm restart system-log.
Additional debugging
In the discussion mentioned above, it turned out that there's a bug in SMF that caused the syslog service to not be functioning at all. To see if you've hit that bug, run cat $(svcs -L system-log:default). The output below indicates a bug:
[ Mar 8 21:40:11 Stopping because service restarting. ]
[ Mar 8 21:40:11 Method property group 'stop' is not present. ]
[ Mar 8 21:40:11 Method property group 'start' is not present. ]
In a discussion in #oxide-q&a on 2023-03-08, it came up that our helios engvm doesn't have sshd authentication logging turned on by default. We should consider changing the default so that sshd auth logging is turned on.
Meanwhile, to do so manually:
Add the following to
/etc/syslog.conf
:(The separator MUST be a tab character, not spaces.)
Restart the syslog service:
svcadm restart system-log
.Additional debugging
In the discussion mentioned above, it turned out that there's a bug in SMF that caused the syslog service to not be functioning at all. To see if you've hit that bug, run
cat $(svcs -L system-log:default)
. The output below indicates a bug:To work around the bug, run:
After performing the above steps, and with the
auth.info
line in/etc/syslog.conf
, I started seeing entries in/var/log/authlog
.cc @jclulow, @wesolows
The text was updated successfully, but these errors were encountered: