Co:Z SFTP server to SYSLOGD

General discussion of the Co:Z Toolkit
Post Reply
bimhau
Posts: 2
Joined: Fri Aug 28, 2009 5:14 pm
Location: Conway, Arkansas

Co:Z SFTP server to SYSLOGD

Post by bimhau »

Hey guys!
I apologize if I’ve not caught a reference in the guides, but I’m wishing to integrated CoZ sftp server logging directly into SYSLOGD and need help determining if I can. I am already using the SFTP_LOGDIR and COZ_LOG variables in sftp-server.rc but it would nice to just write all to the IBM archiving SYSLOGD. Any pointers/pushback appreciated!
Breton
BORN TO BE WILD!!! ...at least until about 9 PM....
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Co:Z SFTP server to SYSLOGD

Post by dovetail »

Using SYSLOG is not recommended for Co:Z SFTP server logs since:

- the Co:Z SFTP server session log file (one per session) can be used for tracing that can be turned on by the remote client.
This kind of logging is not appropriate for SYSLOGD

- the remote user can do a "get /+error.log" to download the current session log. You can only do this if you are putting your logs in the filesystem.

Best practice is to put log files in their own filesystem, like something mounted at /var/log/coz and:
1) set up a maintenance job that culls these after some age.
2) configure the zFS filesystem to warn the operator (auto-ops) when a full threshold is met

For more information:
https://dovetail.com/docs/sftp/config.h ... er_logging
https://dovetail.com/docs/pt-quick-inst ... t-tmp.html
Post Reply