tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-25 23:14:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated Logging Facilities (markdown)

Manoj Ampalam 2018-03-30 14:56:53 -07:00
parent 8bfa54b756
commit ea75f79bde
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Logging-Facilities.md

@ -1,4 +1,18 @@
### Logging facilities
Prior to v7.6.1.0 SSHD supported only 1 default logging facility (file based at logs/sshd.log).
In v7.6.1.0 and later, ETW logging is the default.
Prior to v7.6.1.0, server side components supported only 1 logging facility (file based at logs\sshd.log).
In v7.6.1.0 and later, ETW logging is added and is the default. You can view these logs under event viewer as follows:
![image](https://user-images.githubusercontent.com/14185020/37054957-4c6b2d4e-2135-11e8-90e3-3eba472ffc46.png)
The admin channel is for CRITICAL and ERROR events, operational is for INFO and debug is for DEBUG* variants.
The payload would mimic what users would otherwise see in a typical syslog entry.
File based logging option (useful for quickly collecting debug traces) can be turned on by setting the following in sshd_config
`LogFacility LOCAL0 `
With this option, the logs would be collected at %programdata%\ssh\logs.
sftp-server would follow similar semantics for logging (by default to ETW) and to files using the following as subsystem path in sshd_config:
`sftp-server -f LOCAL0`