Updated Logging Facilities (markdown)

Manoj Ampalam 2018-03-30 14:56:53 -07:00
parent 8bfa54b756
commit ea75f79bde

@ -1,4 +1,18 @@
### Logging facilities ### Logging facilities
Prior to v7.6.1.0 SSHD supported only 1 default logging facility (file based at logs/sshd.log). Prior to v7.6.1.0, server side components supported only 1 logging facility (file based at logs\sshd.log).
In v7.6.1.0 and later, ETW logging is the default. In v7.6.1.0 and later, ETW logging is added and is the default. You can view these logs under event viewer as follows:
![image](https://user-images.githubusercontent.com/14185020/37054957-4c6b2d4e-2135-11e8-90e3-3eba472ffc46.png) ![image](https://user-images.githubusercontent.com/14185020/37054957-4c6b2d4e-2135-11e8-90e3-3eba472ffc46.png)
The admin channel is for CRITICAL and ERROR events, operational is for INFO and debug is for DEBUG* variants.
The payload would mimic what users would otherwise see in a typical syslog entry.
File based logging option (useful for quickly collecting debug traces) can be turned on by setting the following in sshd_config
`LogFacility LOCAL0 `
With this option, the logs would be collected at %programdata%\ssh\logs.
sftp-server would follow similar semantics for logging (by default to ETW) and to files using the following as subsystem path in sshd_config:
`sftp-server -f LOCAL0`
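
Review bot: The keyword in `LogFacility LOCAL0 ` (file-based logging paragraph) should be checked against what sshd_config actually accepts; upstream OpenSSH names this option `SyslogFacility`, so confirm which spelling the Windows build parses and use that one here. The inline code also has a trailing space inside the backticks, which will be copied along with the directive. For sftp-server, only the command `sftp-server -f LOCAL0` is given; show the complete Subsystem line as it would appear in sshd_config so readers know which part of the existing entry to change. The rewritten first sentence gives the old log location as logs\sshd.log while the new text says file logs land in %programdata%\ssh\logs; say what the first path is relative to and whether the file name is still sshd.log. Finally, the channel list maps DEBUG* variants to the debug channel but does not say that LogLevel has to be raised for those events to be emitted, which is worth one sentence.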