how to log sshd access in a single file

Rick Miller vmiller at
Mon Sep 16 17:30:00 UTC 2013

Hi Aurikus,

Selecting "Reply all" when replying to messages on the list allows the
entire list to benefit from the discussion.

On Mon, Sep 16, 2013 at 11:05 AM, aurikus grande <aurikus at> wrote:

> Hello Rick.
> thanks a lot for your quick reply.
> Does your recommendation - to use syslog.conf mean instead - that i cant
> accomplish what i want with hosts.allow and twist ?

I am unfamiliar with twist and cannot authoritatively answer this question.
 Not to mention, it does not appear to be in base

I´m still reading through the man pages and try to understand how to
> configure syslog.conf.

I recommended syslog, because it is the stock logging mechanism for FreeBSD.

On my 9.1 system, /etc/syslog.conf contains:;                         /var/log/auth.log

These facilities are both logging to /var/log/auth.log.

Your stated goal was logging of failed ssh attempts to your host.  The
above line in syslog.conf accomplishes this by sending the message to

TCPWrappers will have no effect on logging of failed ssh attempts unless
sshd is configured to run via inetd.

I recommend pf or ipfw for filtering access to ssh.

Take care
Rick Miller

More information about the freebsd-questions mailing list