I just installed Debian 6 on my server and noticed that sshd isn't writing any log to /var/log. I understand this is a huge security issue as I won't be able to know who logged in to my server. Is there anyway to fix this?
Linux – sshd not writing any kind of log Debian 6
debianlinuxloggingssh
Related Solutions
I don't think there will be some blocking over I/O here. When you do "tail -f", what's happening is
- your shell process, let's say bash, will spawn a new process 'tail'.
- tail will open the file, move file pointer to the end, wait for 3 seconds and check whether there are new data.
- if there is new data, tail will push it back to the bash using unix pipe.
- this data gets transmitted from server to your machine by bash + ssh.
So as you can see, a slow internet connection won't affect step #2, which is the key for I/O performance anyway.
Plus, tail opens file in 'read-only' mode and, an educated guess, logs are open in 'append-only' mode, so there shouldn't be much locking here to worry about. If this is still a bit concern for you, then you may want to try out the inotail which is based on latest linux inotify api to avoid polling the file.
Hope this helps, Alex
While the other answers here will stop the errors being written to your error log, they are simply ignoring the the error message and not fixing the error.
The error in this case is that your php.ini still has either magic_quotes_gpc on
or magic_quotes_gpc off
somewhere in it. The same is true for register_globals on
or register_globals off
.
The error is not that the directive is on or off. The error is that the directive shouldn't exist at all. Comment those lines out of your php.ini or remove them entirely and PHP will stop writing errors about deprecated directives.
Of course, this may cause problems with your application if it requires either of those to be on.
The reason this is an error in PHP 5.3 is that in PHP 6, these directives won't even exist and PHP 6 will behave as if they were set to off. If you ever plan on upgrading to PHP 6, now is a good time to start upgrading or replacing your application.
Another solution you could try is downgrading PHP back to the 5.2 or 5.1 branch.
As for PHP writing errors into Apache's log, this is natural because PHP is running as an Apache module. You can put something like error_log = /var/log/php_errors.log
into your php.ini and restart Apache to have the PHP errors separated from your Apache errors. While you're in there, I would recommend changing display_errors
to off
. Error messages can often contain sensitive information that you wouldn't want an attacker to see. You will most likely see this written in your php.ini:
; - display_errors = Off [Security]
; With this directive set to off, errors that occur during the execution of
; scripts will no longer be displayed as a part of the script output, and thus,
; will no longer be exposed to remote users. With some errors, the error message
; content may expose information about your script, web server, or database
; server that may be exploitable for hacking. Production sites should have this
; directive set to off.
There is no sane reason why the error messages contain HTML.
To answer another question that you didn't ask, the reason PHP reports this as being in <b>Unknown</b> on line <b>0</b>
is that the error message was designed for lines of PHP code that you have written but the error it found was in parsing the php.ini before it has even read a single line of code or even opened a .php file. Since it hasn't opened a file and doesn't have a line number, it reports them as "Unknown" and "0".
Best Answer
By default, sshd's
SyslogFacility
is set toAUTH
.If you haven't changed this in
/etc/ssh/sshd_config
, you should be getting sshd log information in/var/log/auth.log
. You'll also see messages here from pam and sudo, so all access information is logged in the same place.