On 2017-07-28 at 14:26 -0400, Mike Tancsa wrote:
> On 7/25/2017 7:21 PM, Phil Pennock wrote:
> > Honestly, I'd start looking instead at having syslogd listen on a UDP
> > socket on a non-routed address and send to that locally instead. See
> > the "-a" option to syslogd, although contrary to docs my past experience
> > has suggested that -a can't be repeated.
>
> How do I get sshd to send via UDP to syslogd?

Ugh, I've gotten too used to languages which let you customize this in
openlog().

Tell sshd to run in the foreground writing logs to stderr and invoke it
under a wrapper which sends logs wherever you want, while handling
restarts. This isn't the core system ssh for sysadmin to log in, AIUI,
so it's safer to have a little more complexity around the startup.

    /path/to/sshd -De

There are various supervisor programs around which will log wherever you
want (including via UDP syslog), you can pick one for whatever your
preferred poison is.

At this point, you are relying upon stdio from the chrooted processes,
so the chroot is irrelevant and you can just log normally to wherever
you want, so you could even just send straight to syslog, avoiding the
need for devices in the chroots.

-Phil
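
The wrapper approach described in the message above, sketched as an added example that is not part of the original post or of OpenSSH: it starts the daemon in the foreground, relays each stderr line as a BSD-syslog datagram over UDP, and restarts the daemon when it exits. The names `format_syslog` and `supervise`, the `127.0.0.1:514` destination and the `auth` facility are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Run a foreground daemon, forward its stderr to syslog over UDP, restart it on exit."""
import socket
import subprocess
import sys
import time

AUTH, INFO, WARNING = 4, 6, 4          # RFC 3164 facility "auth"; two severities
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def format_syslog(line, tag, pid, severity=INFO, host=None, now=None):
    """Build one BSD-syslog datagram: <PRI>Mmm dd hh:mm:ss host tag[pid]: text"""
    t = time.localtime(now)
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    # Replace control characters so a logged string cannot forge extra records.
    text = "".join(c if c.isprintable() else " " for c in line.rstrip("\r\n"))
    msg = "<%d>%s %s %s[%d]: %s" % (AUTH * 8 + severity, stamp,
                                    host or socket.gethostname(), tag, pid, text)
    return msg.encode("utf-8", "replace")[:1024]   # RFC 3164 caps a packet at 1024 bytes

def supervise(argv, dest=("127.0.0.1", 514), tag="sshd", max_restarts=None, backoff=1.0):
    """Start argv, relay each stderr line to dest, restart when it exits.
    Returns how many times the child was started (max_restarts=None: loop forever)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    starts = 0
    while max_restarts is None or starts <= max_restarts:
        proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL, stderr=subprocess.PIPE)
        starts += 1
        # The loop ends at EOF, i.e. once the daemon and any children that
        # inherited its stderr have exited. The pid logged is the parent's.
        for raw in proc.stderr:
            sock.sendto(format_syslog(raw.decode("utf-8", "replace"), tag, proc.pid), dest)
        status = proc.wait()
        note = "%s exited with status %d" % (argv[0], status)
        sock.sendto(format_syslog(note, tag + "-wrapper", proc.pid, WARNING), dest)
        time.sleep(backoff)
    sock.close()
    return starts

if __name__ == "__main__":
    # /path/to/sshd is the placeholder from the message above; -D keeps sshd in
    # the foreground, -e logs to stderr. Destination address/port are assumptions.
    supervise(["/path/to/sshd", "-De"] + sys.argv[1:])
```

Because the relay reads stdio rather than `/dev/log`, nothing has to exist inside the chroots for these lines to reach syslogd.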