Server Debugging and Auditing
Server event messages can arise from different sources and be controlled by different configuration options. The following table summarizes sshd command-line options and server configuration keywords that affect logging; and describes where to find the output.
To |
Use |
Output Location |
Notes |
Debug a single client connection |
-d debug_level |
stderr |
Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.) With this option, sshd terminates after the first client connection closes. This option is independent of the setting for LogLevel. |
Enable persistent debugging |
-D debug_level |
/etc/ssh2 |
A debug file is created using the following file name format: debugYYMMDD_HHMMSS, where YY=year, MM=month, DD=day, HH=hour, MM=minutes, and SS=seconds. This option is independent of the setting for LogLevel. |
Suppress debug messages |
-q |
N/A — affects syslog output only |
This option overrides LogLevel. |
View server startup messages |
LogLevel |
stderr |
Output to stderr includes errors and warnings found while parsing sshd2_config. |
View server event messages |
LogLevel |
syslog |
After the configuration file is read, messages go to syslog. |
View sftp-server event messages |
SftpSyslogfacility |
syslog |
Use SftpSyslogFacility to send sftp- server messages to a specified alternate file (rather than the default facility file). You may want to do this to avoid populating the default file with these messages. |
Change default facility code |
SyslogFacility |
N/A |
This setting specifies the facility code used for logging messages from the server. The default is `AUTH'. This value must correspond to how syslogd is configured. |
 |