|
|
Subscribe / Log in / New account

A syslog-ng message correlation example

A syslog-ng message correlation example

Posted Mar 7, 2012 21:28 UTC (Wed) by mp (subscriber, #5615)
In reply to: A syslog-ng message correlation example by larsks
Parent article: A syslog-ng message correlation example

But this example correlates the "Accepted" message with the "session closed" one, and they seem to come from the same process under privilege separation.

to post comments

A syslog-ng message correlation example

Posted Aug 8, 2013 13:12 UTC (Thu) by faxm0dem (guest, #92265) [Link]

In my installation, the PID of the "Accepted password for" message is logged.
However, the PID of the "pam_unix(sshd:session)" message is not available.
So using scope=process doesn't work.
Using scope=program does, but will mix unrelated sessions.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds