Well...internal-sftp comes with ssh and socket device /dev/log isn't necessary when writing to MySQL via module ommysql...
I think time to write a script to take care of this myself...bummer...ommysql had looked promising...thx!

Tim

On Wed, July 27, 2016 1:47 pm, David Lang wrote:
> On Wed, 27 Jul 2016, lai wrote:
>
>> Hi, David:
>>
>> It's supposed to be a simple sftp server. The sftp server allows user
>> uploads, and all sftp users are jailed in the chroot dir by having
>> these lines in the sshd_config file...
>>
>> Match group sftp
>> X11Forwarding no
>> AllowTcpForwarding no
>> ChrootDirectory /home/%u
>> ForceCommand internal-sftp -f LOCAL3 -l INFO
>>
>> Now, in rsyslog.conf, we tell syslog to write all local3 to the mysql
>> db...
>>
>> $ModLoad /lib64/rsyslog/ommysql.so
>> local3.* :ommysql:db_server,db_name,user_name,passwd
>>
>> So, users, not in group sftp, sftp session were successfully logged in
>> the DB, but sftp group users (jailed) were not...
>>
>> I think I may just have to tail the log file and pipe the info in the
>> database using my own script...I guess I was hoping to keep things
>> simple...but just not a lot of info I can find on ommysql...
>
> your problem has nothing to do with ommysql
>
> your problem has to do with your ssh server.
>
> you need to find out where is it writing its logs and why it's not
> writing them to /dev/log. the user logins are handled by the sshd server
> that's not running in the chroot, so it should write to /dev/log.
>
> now, you invoke the command internal-sftp, but I have no idea what that
> is or how it works. is it something you wrote?
>
> David Lang
>
>> Thx for all your help!
>>
>> Tim
>>
>> On Wed, July 27, 2016 1:09 pm, David Lang wrote:
>>
>>> why is a chroot involved with rsyslog or the database? are you
>>> running a second copy of rsyslog inside the chroot?
>>>
>>> David Lang
>>>
>>> On Wed, 27 Jul 2016, lai wrote:
>>>
>>>> Date: Wed, 27 Jul 2016 12:25:52 -0600
>>>> From: lai <[email protected]>
>>>> Reply-To: rsyslog-users <[email protected]>
>>>> To: rsyslog-users <[email protected]>
>>>> Subject: Re: [rsyslog] Writing rsyslog message to MySQL in Changeroot
>>>> Environment
>>>>
>>>> Ah...so I now have mysql client working in the chroot environment
>>>> and the chroot user was able to connect to the db using the mysql
>>>> client, and I also have rsyslog lib inside of it as well...still no
>>>> deal as far as logging to mysql DB with the chroot user...
>>>>
>>>> The doc on ommysql has very limited info...would the creator of it
>>>> please chime in on this issue? Or anyone who had done this before.
>>>>
>>>> Please...please...please...thx so much!
>>>>
>>>> Tim
>>>>
>>>> On Tue, July 26, 2016 4:06 pm, Thomas Deutschmann wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> are you familiar with running programs in a chroot environment?
>>>>> I.e. you know that you have to provide each SO (library) used by the
>>>>> program you will be running chrooted?
>>>>>
>>>>> First I would check that the "mysql" program works in that
>>>>> environment. I.e. become the user which will run rsyslogd later
>>>>> and chroot into that environment and try to connect to your
>>>>> desired mysqld server using the same connection (socket or TCP/IP)
>>>>> and credentials your rsyslogd will use.
>>>>>
>>>>> When you are unable to connect to your mysqld there's a problem
>>>>> with missing dependencies, your linux user may not have the
>>>>> privileges to access the mysqld socket or establish a TCP/IP
>>>>> connection, your used credentials could be wrong or the mysql user
>>>>> is not allowed to connect from that host (check mysql host
>>>>> restrictions!).
>>>>>
>>>>> Once you can connect to your mysqld from the chroot environment
>>>>> using the "mysql" program make sure that all rsyslogd dependencies
>>>>> are available from that environment like you have done before for
>>>>> the mysql program (don't forget to check rsyslogd's modules!).
>>>>>
>>>>> Now rsyslogd should be able to connect to that mysqld, too.
>>>>>
>>>>> If not run rsyslogd in foreground/with debug output and check
>>>>> mysqld logs (you need to set "log-warnings = 2" in your mysqld to
>>>>> log failed login attempts).
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Thomas
>>>>>
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>>>>> POST if you DON'T LIKE THAT.
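
Added example, not part of the original thread and not code from the rsyslog or OpenSSH projects: syslog(3) reaches the log daemon through the path /dev/log, and sshd_config(5) notes that SFTP sessions under ChrootDirectory which use logging may need /dev/log inside the chroot directory. The script checks each user's chroot for that socket, assuming the ChrootDirectory /home/%u layout quoted above; the function names and the user names in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether each chrooted SFTP
# user has a syslog socket at <base>/<user>/dev/log.
# Assumption: ChrootDirectory /home/%u, so base is /home.

# chroot_log_state BASE USER
# Prints "socket", "not-socket" (path exists but is not a real socket)
# or "missing".
chroot_log_state() {
    path="$1/$2/dev/log"
    if [ -L "$path" ]; then
        # A symlink is resolved inside the chroot at run time, so one
        # pointing at the host's /dev/log does not help the jailed process.
        echo not-socket
    elif [ -S "$path" ]; then
        echo socket
    elif [ -e "$path" ]; then
        echo not-socket
    else
        echo missing
    fi
}

# audit_chroots BASE USER...
# Prints one "user state" line per user; returns 1 if any user's chroot
# has no usable socket, so the result can drive a monitoring check.
audit_chroots() {
    base="$1"
    shift
    rc=0
    for user in "$@"; do
        state=$(chroot_log_state "$base" "$user")
        echo "$user $state"
        [ "$state" = socket ] || rc=1
    done
    return "$rc"
}

# Usage: sh check_chroot_log.sh /home alice bob   (user names constructed)
if [ "$#" -ge 2 ]; then
    audit_chroots "$@"
fi
```

Where a chroot reports "missing", rsyslog's imuxsock module can be told to listen on an extra socket inside it, for instance with the legacy directive $AddUnixListenSocket followed by the path to dev/log under that user's chroot.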

