#1 11. Juni 2012 Hey liebe Linux-Pros und die, die es noch werden wollen, ich habe ein kleines Problem mit syslog-ng unter Gentoo. Ich möchte, dass der SSH-Login nicht geloggt wird, sprich, dass die auth.log-Datei leer bleibt. Hier mal der Code von der Config. Code: # /etc/syslog-ng/syslog-ng.conf # From the Gentoo Linux Security Guide # http://www.gentoo.org/doc/en/gentoo-security.xml # Creative Commons - Attribution / Share Alike License # http://creativecommons.org/licenses/by-sa/2.0 options { chain_hostnames(off); stats_freq(43200); owner(root); group(root); perm(0640); dir_perm(0740); create_dirs(yes); use_fqdn(no); keep_hostname(yes); use_dns(no); }; #source where to read log source src { unix-stream("/dev/log"); internal(); }; # kernel messages source kernsrc { file("/proc/kmsg"); }; # from a chrooted bind install source namedsrc { unix-stream("/var/named/chroot/dev/log"); }; #define destinations destination authlog { file("/var/log/auth.log"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination kern { file("/var/log/kern.log"); }; destination user { file("/var/log/user.log"); }; destination mail { file("/var/log/maillog"); }; destination mailinfo { file("/var/log/mail.info"); }; destination mailwarn { file("/var/log/mail.warn"); }; destination mailerr { file("/var/log/mail.err"); }; destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; destination shorewall { file("/var/log/shorewall/firewall.log"); }; destination blacklist { file("/var/log/shorewall/blacklist.log"); }; destination noblklst { file("/var/log/shorewall/noblacklist.log"); }; destination miniserv { file("/var/log/webmin/miniserv.error"); }; # Webmin miniserv.error destination console { usertty("root"); }; destination console_all { file("/dev/tty12"); }; #create filters filter f_auth { facility(auth); }; filter f_authpriv { facility(auth, authpriv); }; filter f_cron { facility(cron); }; 
# Filters (continued). The first group selects on a single syslog facility each.
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# Every facility except auth, authpriv, news and mail; no severity restriction.
filter f_debug { not facility(auth, authpriv, news, mail); };
# Severities info through warn, again excluding auth, authpriv, mail and news.
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
# Single-severity filters. f_info, f_warn and f_err are combined with f_mail below,
# f_emergency feeds the console path; f_notice and f_crit are not referenced by any
# log statement in the config as posted.
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# NOTE(review): the paste lost its line breaks, so it cannot be told from here whether
# f_failed was commented out or an active filter preceded by a bare "#" line. Neither
# f_failed nor f_denied is referenced by a log statement in the config as posted.
# filter f_failed { match("failed" value("MESSAGE")); };
filter f_denied { match("denied" value("MESSAGE")); };
# Message-text filters: match() tests the MESSAGE part against the given pattern.
# NOTE(review): f_shorewall and f_blacklist are the negated ("not match") forms, while
# f_noshorewall and f_noblklst are the positive ones. The names read as the opposite of
# what the expressions select; confirm the intent.
filter f_shorewall { not match("Shorewall" value("MESSAGE")); }; # Passes messages that do NOT match "Shorewall"
filter f_noshorewall { match("Shorewall" value("MESSAGE")); }; # Passes messages that match "Shorewall"
filter f_blacklist { not match("blacklist" value("MESSAGE")); }; # Passes messages that do NOT match "blacklist"
filter f_noblklst { match("blacklist" value("MESSAGE")); }; # Passes messages that match "blacklist"
# Passes messages that do not match "webmin".
filter f_miniserv { not match("webmin" value("MESSAGE")); };
#connect filter and destination
# Each log statement routes messages from one source to one destination; when several
# filter() references are listed, a message must pass all of them.
#
# auth and authpriv messages -> /var/log/auth.log. This is the only log statement that
# writes to destination(authlog), and it selects on f_authpriv. f_auth (defined with the
# other filters) is not referenced by any log statement in the config as posted, so an
# edit to f_auth alone leaves auth.log unchanged. The unfiltered path to console_all
# (/dev/tty12) at the end of the config receives the same messages.
# NOTE(review): auth.log is the host's local record of authentication events (sshd logs
# to the auth facility by default; confirm against sshd_config). Any change to this path
# should keep those records available somewhere, e.g. a restricted file or a remote log host.
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
# Kernel messages are read from the separate kernsrc source (/proc/kmsg).
log { source(kernsrc); filter(f_kern); destination(kern); };
# All mail-facility messages go to maillog; the three statements after f_user add
# per-severity copies (info, warn, err) in mail.info, mail.warn and mail.err.
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
# NOTE(review): as written, the first two Shorewall paths use the negated filters, so
# firewall.log and blacklist.log receive kernel messages that do NOT contain the keyword,
# and noblacklist.log receives those that DO contain "blacklist". Confirm against the
# intended split before relying on these files.
log { source(kernsrc); filter(f_shorewall); destination(shorewall); }; # Shorewall full log
log { source(kernsrc); filter(f_blacklist); destination(blacklist); }; # Shorewall blacklist log
log { source(kernsrc); filter(f_noblklst); destination(noblklst); }; # Shorewall clean (no blacklist) log
log { source(src); filter(f_miniserv); filter(f_noshorewall); destination(miniserv); }; # Webmin error log log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); }; #default log log { source(src); destination(console_all); }; Mein Gedanke war nun, diese Zeile: Code: #create filters filter f_auth { facility(auth); }; in Code: #create filters filter f_auth { facility(auth) and level(none); }; zu ändern. Leider ist der "Begriff" oder Wert "NONE" nicht gegeben, und der Daemon loggt fröhlich weiter. :/ Kann mir jemand bei meinem Problem helfen?
#2 11. Juni 2012 AW: Probleme mit Syslog-NG unter Gentoo Hi, auch wenn es OffTopic ist: Wieso deaktivierst du das Logging nicht einfach in der sshd-Config? VG
#3 11. Juni 2012 AW: Probleme mit Syslog-NG unter Gentoo Ich würde einfach Code: destination df_auth { file("/dev/null"); }; machen.