Running ubuntu 8.04

I wanted to separate the cron logs from the auth logs, so in /etc/syslog.conf I uncommented the line "cron.* /var/log/cron.log".

I also wanted to cleanse the auth logs, so I deleted all of them.

I then restarted and tried to login via ssh, but there were no auth logs- a new auth.log wasn't created. The cron jobs were now logged to cron.log though.

I tried creating an auth.log and restarting but that didn't work, I think it was because I had to create it with sudo, so it was owned by "root" instead of "adm", like syslog.

How do I get my auth.log back?

9 Years
Discussion Span
Last Post by shwick

I created auth.log with "sudo touch auth.log" and changed it's permissions with "sudo chown syslog auth.log", "sudo chgrp adm auth.log" and "sudo chmod 640" to make it the same as syslog.

I tried restarting sshd but that didn't work, I had to restart the machine. sshd then started logging to auth.log properly.

I'm a little concerned with the first few log messages though, entered right after restart:

Oct 17 10:21:01 desktop sshd[4832]: error: Bind to port 22 on failed: Address already in use.
Oct 17 10:21:03 desktop sshd[4832]: Received SIGHUP; restarting.
Oct 17 10:21:03 desktop sshd[5538]: Server listening on :: port 22.
Oct 17 10:21:03 desktop sshd[5538]: error: Bind to port 22 on failed: Address already in use.
Oct 17 10:22:46 desktop sshd[5807]: Accepted password for [my username] from [an ip] port 62485 ssh2

Why would sshd not be able to bind to port 22 but also be able to accept incoming connections, as I was still able to login?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.