how to log sshd access in a single file

aurikus grande aurikus at
Mon Sep 16 17:58:01 UTC 2013

Hello Rick,

sorry that i did not reply to all, from now on i will use "reply to all".
Thanks for pointing it out.

I will also open port 80 for web access, but i do not want to log those.
Because i expect a huge amount of traffic on my server.

So i only want to log successfull and unsuccessfull sshd access.

twist is part of the FreeBSD 9.1 base installation, i did not yet install
any other package.

The idea behind using hosts.allow was because i could specify the rule by
the service (and not by the level of the message).

And yes, in my case sshd is configured to run via inetd.

You are correct, my main goal is to log all failed sshd attempts. If it is
easier to log successfull and failed attempts (to the same file), this
would also be fine for me.

Thanks in advance for your continued effort.

Best regards,

2013/9/16 Rick Miller <vmiller at>

> Hi Aurikus,
> Selecting "Reply all" when replying to messages on the list allows the
> entire list to benefit from the discussion.
> On Mon, Sep 16, 2013 at 11:05 AM, aurikus grande <aurikus at>wrote:
>> Hello Rick.
>> thanks a lot for your quick reply.
>> Does your recommendation - to use syslog.conf mean instead - that i cant
>> accomplish what i want with hosts.allow and twist ?
> I am unfamiliar with twist and cannot authoritatively answer this
> question.  Not to mention, it does not appear to be in base
> I´m still reading through the man pages and try to understand how to
>> configure syslog.conf.
> I recommended syslog, because it is the stock logging mechanism for
> FreeBSD.
> On my 9.1 system, /etc/syslog.conf contains:
>;                         /var/log/auth.log
> These facilities are both logging to /var/log/auth.log.
> Your stated goal was logging of failed ssh attempts to your host.  The
> above line in syslog.conf accomplishes this by sending the message to
> /var/log/auth.log.
> TCPWrappers will have no effect on logging of failed ssh attempts unless
> sshd is configured to run via inetd.
> I recommend pf or ipfw for filtering access to ssh.
> --
> Take care
> Rick Miller

More information about the freebsd-questions mailing list