sshd服务日志存放在:/var/log/secure. 奇怪sshd配置文件中没有制定,但日志却存放在这? vim /etc/rsyslog.conf # The authpriv file has
sshd服务日志存放在:/var/log/secure.
奇怪sshd配置文件中没有制定,但日志却存放在这?
vim /etc/rsyslog.conf
# The authpriv file has restricted access.authpriv.* /var/log/securetailf /var/log/secure
因为secure存放了很多服务器的日志,对日志分析很麻烦,我们应该把日志另外存放,配置ssh配置文件
[root@master ~]# vim /etc/ssh/sshd_config#SyslogFacility AUTHSyslogFacility AUTHPRIV#LogLevel INFO改 SyslogFacility local1更改日志服务配置[root@master ~]# vim /etc/rsyslog.conf#signlocal1.* /var/log/sshd.log重启日志服务和sshd服务
