Hildegard Meier
2021-Sep-24 15:03 UTC
Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
Thanks, this sounds interesting and maybe in this direction could be the solution? But I do not understand you precisely.

> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };

You mean there should be
/var/data/chroot/<username>/dev/hostname1/log
/var/data/chroot/<username>/dev/hostname2/log
?

> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)

You mean there should be the Symlink
/var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname1/log
?

> Do the above for second server, hostname2, use /dev/<hostname2>/log

It would not be possible to have a Symlink
/var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
since /var/data/chroot/<username>/dev/log is already a Symlink to /var/data/chroot/<username>/dev/hostname1/log (see first step), and it is the same NFS filesystem.

> Sent: Friday, 24 September 2021 at 16:08
> From: "Douglas E Engert" <deengert at gmail.com>
> To: openssh-unix-dev at mindrot.org
> Subject: Re: Howto log multiple sftpd instances with their chroot shared via NFS
>
> On 9/21/2021 4:49 AM, Hildegard Meier wrote:
>
> > How can I get the sftp user's activity be logged on each sftp server, when a user logs in to that server, while the user's home is shared on both servers via NFS?
>
> based on:
> https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/88
>
> This might work for a few sftp servers.
> On first server, hostname1, use /dev/<hostname1>/log for all its default logging and its normal syslog-ng.conf and for the special
> syslog-ng.conf:
> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };
> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)
>
> Do the above for second server, hostname2, use /dev/<hostname2>/log
>
> Then add these to the chroot directories in NFS:
> /var/data/chroot/<username>/dev/<hostname1>/log
> /var/data/chroot/<username>/dev/<hostname2>/log
>
> This should cause hostname1 to lock on /var/data/chroot/<username>/dev/<hostname1>/log
> and hostname 2 to lock on /var/data/chroot/<username>/dev/<hostname2>/log
> because the syslog-ng does not really look at the syslog-ng.conf in the chroot.
Thorsten Glaser
2021-Sep-24 15:11 UTC
Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
On Fri, 24 Sep 2021, Hildegard Meier wrote:

> It would not be possible to have a Symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
>
> since /var/data/chroot/<username>/dev/log is already a Symlink to
> /var/data/chroot/<username>/dev/hostname1/log (see first step), and it
> is the same NFS filesystem.

Not sure I understand the entire situation, but can't you make /var/data/chroot/<username>/dev/log a regular file (on the NFS mount) then bind-mount (see my earlier mail) /dev/log from the host over it?

bye,
//mirabilos
--
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
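
The bind-mount idea from the message above, as an added example that is not part of the original post: a shell function that creates the regular-file mount point in every user chroot on the NFS export and prints the fstab bind entries for the server it runs on. The function name, the one-directory-per-user layout under the base path and the default host socket `/dev/log` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: every user chroot is a
# directory directly below $1 (e.g. /var/data/chroot), user names contain no
# whitespace, and the host's syslog socket is /dev/log unless $2 is given.

prepare_chroot_log_mounts() {
    base=$1
    host_socket=${2:-/dev/log}

    for chroot in "$base"/*/; do
        [ -d "$chroot" ] || continue      # empty base: the glob stayed literal
        chroot=${chroot%/}
        target=$chroot/dev/log

        # A symlink stored on NFS is seen by every server and can only name
        # one host's socket, so refuse it rather than mount through it.
        if [ -L "$target" ]; then
            echo "skip: $target is a symlink" >&2
            continue
        fi

        # The mount point has to exist on the shared filesystem; an empty
        # regular file is enough and is identical for all servers.
        mkdir -p "$chroot/dev"
        [ -e "$target" ] || : > "$target"

        # fstab entry for this server only: the bind mount lives in the
        # local kernel's mount table, the NFS file itself is not changed.
        printf '%s %s none bind 0 0\n' "$host_socket" "$target"
    done
}
```

Run on each sftp server, the printed lines go into that server's own `/etc/fstab`; every server then overlays its local socket on the same NFS path, so the host's syslog daemon receives the chrooted sftp-server messages without a per-host path inside the chroot.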
Douglas E Engert
2021-Sep-24 15:57 UTC
Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
On 9/24/2021 10:03 AM, Hildegard Meier wrote:

> Thanks, this sounds interesting and maybe in this direction could be the solution? But I do not understand you precisely.
>
>> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };
> You mean there should be
> /var/data/chroot/<username>/dev/hostname1/log
> /var/data/chroot/<username>/dev/hostname2/log
>

The point is each application's syslog library will write to /dev/hostnameX/log or, if running in chroot, /var/data/chroot/<username>/dev/hostnameX/log

Thus each server has its own lock for each user. So any lock done while the application is running in chroot will lock on a different file.

>
>> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)
> You mean there should be the Symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname1/log
>

Symlink may not be needed. I was referring to a symlink when not using the chroot.

>
>> Do the above for second server, hostname2, use /dev/<hostname2>/log
>
> It would not be possible to have a Symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
>
> since /var/data/chroot/<username>/dev/log is already a Symlink to /var/data/chroot/<username>/dev/hostname1/log
> (see first step), and it is the same NFS filesystem.
>
>> Sent: Friday, 24 September 2021 at 16:08
>> From: "Douglas E Engert" <deengert at gmail.com>
>> To: openssh-unix-dev at mindrot.org
>> Subject: Re: Howto log multiple sftpd instances with their chroot shared via NFS
>>
>> On 9/21/2021 4:49 AM, Hildegard Meier wrote:
>>
>>> How can I get the sftp user's activity be logged on each sftp server, when a user logs in to that server, while the user's home is shared on both servers via NFS?
>>
>> based on:
>> https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/88
>>
>> This might work for a few sftp servers.
>> On first server, hostname1, use /dev/<hostname1>/log for all its default logging and its normal syslog-ng.conf and for the special
>> syslog-ng.conf:
>> source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/hostname1/log" optional(yes) ); };
>> (May need to add a symlink on each host /dev/log->/dev/<hostname1>/log)
>>
>> Do the above for second server, hostname2, use /dev/<hostname2>/log
>>
>> Then add these to the chroot directories in NFS:
>> /var/data/chroot/<username>/dev/<hostname1>/log
>> /var/data/chroot/<username>/dev/<hostname2>/log
>>
>> This should cause hostname1 to lock on /var/data/chroot/<username>/dev/<hostname1>/log
>> and hostname 2 to lock on /var/data/chroot/<username>/dev/<hostname2>/log
>> because the syslog-ng does not really look at the syslog-ng.conf in the chroot.

--
Douglas E. Engert <DEEngert at gmail.com>