> Gesendet: Dienstag, 10. Mai 2022 um 03:21 Uhr > Von: "Damien Miller" <djm@xxxxxxxxxxx> > I'd suggest the next steps in figuring this out are: > > 1) verifying that sshd is actually doing this (maybe via strace or > similar?) I startet sshd with "-E /var/log/app/ssh/debug.log" and in that log vor every "Accepted password" message there is one corresponding debug log message, so that log is as expected, unfortunately without timestamps, PIDs etc. > 2) verifying that syslogd isn't eating the log entries after sshd > sends them. If the same log entries like that are written with "-E /var/log/app/ssh/debug.log" are written to /dev/log (what seems to be according to the strace), I think the eating of the debug log messages could be a systemd issue (because /dev/log is a symlink to /run/systemd/journal/dev-log nowadays), or a syslog-ng issue. The non-debug messages are continiously logged as expected. I tried dozens of configuration tweeks with syslog-ng local file logging, without any change of behavior. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
