[j-nsp] Best practices for syslog configuration

Richard Hartmann richih.mailinglist at gmail.com
Wed Jun 25 11:33:37 EDT 2014


Dear all,

Juniper's syslog is arguably strange, by default.

Point in case, with "any warning":

* If I try to log in with an existing user and bad password via ssh, a
remote syslog message with username and source IP is logged
* If I try to log in with a non-existing user and any via ssh, _no_
remote syslog message is generated. I get why you wouldn't want to log
a fat-fingered password as username, but source IP, or at least the
attempt, should be logged
* Every time I log out, inetd feels the need to tell me the return
code of my sshd process

While we are obviously customizing this, I am sure that there are
quite sophisticated syslog configurations out there which balance
verbosity and security which have grown over the years.

Long story short, I would appreciate a sharing of syslog
configurations, potentially interleaved with a discussion about
relative merits.


Thanks,
Richard

