SSH Tunnel Logs
jludwig
wralphie at comcast.net
Wed May 26 16:01:36 UTC 2004
On Tue, 2004-05-25 at 20:26, Brad Smith wrote:
> On Tue, 2004-05-25 at 21:44, Patrick Nelson wrote:
> > FC1
> > openssh-3.6.1p2
> >
> > I have a port forwarding ssh tunnel and it works great. I was trying to
> > find some info in log files about users who connect through the tunnel
> > and I couldn't really find anything. Would like to see a list of users
> > and when they connect. Is this possible?
> >
>
> I don't know of any way to get sshd to log who uses the tunnel, but you
> can (should?) have other software logging at either end.
>
> In other words, if you want to log who's accessing the service, then you
> should configure the service at the other end of the tunnel to do the
> logging. If you just want a record of the IPs that connect to the
> "start" end of your tunnel, you can use iptables on that machine:
>
> iptables -I INPUT -p tcp --dport X -m state --state NEW -j LOG
> --log-level info --log-prefix "TUNNEL CONNECT: "
>
> where X is the port that sshd is listening on for the tunnel.
>
> Hope that helps.
>
> --Brad
You can also play with the log level S.A.
*.notice /var/log/networking
and set iptables -p tcp --dport x -m state --state NEW -j LOG
--log-level notice --log-prefix "TUNNEL CONNECT: "
This will put the information in a separate (/var/log/networking) file
if this log level is not used.
--
jludwig <wralphie at comcast.net>
More information about the users
mailing list