From d95db24b83478d4b4d922cf9b7e1432e1454981f Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Mon, 9 Apr 2018 11:40:03 -0700 Subject: [PATCH] Updated Logging Facilities (markdown) --- Logging-Facilities.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Logging-Facilities.md b/Logging-Facilities.md index 88e6975..99df8be 100644 --- a/Logging-Facilities.md +++ b/Logging-Facilities.md @@ -8,6 +8,11 @@ In v7.6.1.0 and later, ETW logging is added and is the default. You can view the The admin channel is for CRITICAL and ERROR events, operational is for INFO and debug is for DEBUG* variants. The payload would mimic what users would otherwise see in a typical syslog entry. +To see Debug logs in EventViewer, do the following: +- Ensure sshd_config has logging level at DEBUG or above +- In Eventviewer, select option to show "Analytic and Debug Logs" (under top menu, View) +- Enable Debug logging (select Debug channel, click "Enable log" on right menu) + File based logging option (useful for quickly collecting debug traces) can be turned on by setting the following in sshd_config `SyslogFacility LOCAL0 `
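Review bot: The first added bullet ("Ensure sshd_config has logging level at DEBUG or above") names neither the directive nor the accepted values, and "or above" is ambiguous next to the context line's "DEBUG* variants". Suggest spelling it out as `LogLevel DEBUG` (or DEBUG1 through DEBUG3), in the same backticked form the page already uses for `SyslogFacility LOCAL0`, and stating whether sshd has to be restarted before the new level takes effect. The added lines also write the tool name two ways ("EventViewer" and "Eventviewer"); use "Event Viewer" in both places. Since the steps raise verbosity and enable a channel that is off by default, a closing bullet on setting the level back and disabling the Debug log once traces are collected would complete the procedure.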