What is the provider name for OpenSSH logs in Windows Event log?

rimono 0 Reputation points
2024-04-09T12:42:50.4766667+00:00

I am trying to programmatically get notifications for new OpenSSH event logs on Windows. I based my C++ code on this:
https://learn.microsoft.com/en-us/windows/win32/eventlog/receiving-event-notification

When I use "OpenSSH" as the provider name in the following call:
hEventLog = OpenEventLog(NULL, provider_name);

I don't get notifications for OpenSSH logs. I tried with "PowerShell" as provider_name, just to see if it works, and I did get notifications.

What is the correct provider name to use?

Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. Anonymous
    2024-04-10T08:17:33.6866667+00:00

    Hi rimono,

    Thanks for your post. Based on my research, the Windows OpenSSH server logs to the event log by default. Generally speaking, we can look in the Event Log Viewer under Applications and Services Logs -> OpenSSH. The Admin log shows errors, the Operational log shows Informational messages.

    The OpenSSH logging is controlled by your C:\ProgramData\ssh\sshd_config file. The entry SyslogFacility determines the log location.

    I got the answer from here: https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities.

    The event log may miss some extra lines that would otherwise be shown in a log file (e.g. the reason why authorized_keys is ignored). To see them, edit C:\ProgramData\ssh\sshd_config (e.g. with notepad.exe run as an administrator), then set:

    SyslogFacility LOCAL0

    LogLevel Debug3

    Restart the OpenSSH SSH Server service and expect logs to appear in C:\ProgramData\ssh\logs\sshd.log

    Best Regards,

    Ian Xue



    1 person found this answer helpful.
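
Added example (not part of the question or the answer above): one way to get notified of new OpenSSH events is to subscribe to the channels the answer points to in Event Viewer, using the .NET EventLogWatcher class from PowerShell instead of the legacy OpenEventLog call. The channel names OpenSSH/Admin and OpenSSH/Operational are assumed from the Event Viewer path "Applications and Services Logs -> OpenSSH"; the "sshd-" source identifiers are made up for this sketch.

```powershell
# Assumed channel names, matching Event Viewer's
# "Applications and Services Logs -> OpenSSH -> Admin / Operational".
$channels = 'OpenSSH/Admin', 'OpenSSH/Operational'

# Confirm the channels exist (and are enabled) before subscribing.
$available = Get-WinEvent -ListLog 'OpenSSH/*' -ErrorAction SilentlyContinue
if (-not $available) {
    throw 'No OpenSSH event channels found; is the OpenSSH Server installed?'
}
$available | Format-Table LogName, IsEnabled, RecordCount -AutoSize

$watchers = foreach ($channel in $channels) {
    if ($available.LogName -notcontains $channel) { continue }

    # '*' selects every event in the channel; narrow it with an XPath filter if needed.
    $query = [System.Diagnostics.Eventing.Reader.EventLogQuery]::new(
        $channel, [System.Diagnostics.Eventing.Reader.PathType]::LogName, '*')
    $watcher = [System.Diagnostics.Eventing.Reader.EventLogWatcher]::new($query)

    # The action block runs once for each record written after the watcher is enabled.
    Register-ObjectEvent -InputObject $watcher -EventName EventRecordWritten `
        -SourceIdentifier "sshd-$channel" -Action {
            $record = $EventArgs.EventRecord
            if ($null -eq $record) {
                # The subscription itself failed (for example, access denied).
                Write-Warning "Subscription error: $($EventArgs.EventException.Message)"
                return
            }
            Write-Host ('{0:o} [{1}] id={2} {3}' -f $record.TimeCreated,
                $record.LogName, $record.Id, $record.FormatDescription())
        } | Out-Null

    $watcher.Enabled = $true   # start delivering new events
    $watcher
}

try {
    Write-Host 'Watching OpenSSH channels; press Ctrl+C to stop.'
    while ($true) { Wait-Event -Timeout 5 | Out-Null }
} finally {
    # Stop the subscriptions and release their handles.
    $watchers | ForEach-Object { $_.Enabled = $false; $_.Dispose() }
    Get-EventSubscriber | Where-Object SourceIdentifier -like 'sshd-*' | Unregister-Event
}
```

In native C++ the equivalent subscription is made with EvtSubscribe from winevt.h, passing the same channel path.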
