HPE Community
Operating System - HP-UX
1753774 Members
6862 Online
108799 Solutions
New Discussion юеВ

Re: ssh log in syslog

 
Khashru
Valued Contributor

тАО05-23-2011 09:53 PM

тАО05-23-2011 09:53 PM

ssh log in syslog

When ever someone logs in to the system using ssh there is an entry in the syslog. I want to disable this for a particular user.

I want sshd to log every one except that user in syslog. Can it be done.
0 Kudos
Reply
4 REPLIES 4
rariasn
Honored Contributor

тАО05-24-2011 02:57 AM - last edited on тАО07-07-2011 08:51 AM by

тАО05-24-2011 02:57 AM - last edited on тАО07-07-2011 08:51 AM by

Re: ssh log in syslog

Hi:

http://h30499.www3.hp.com/t5/System-Administration/how-to-filter-sshd-in-syslog-log-to-other-file/m-p/3125831#M151983

rgs,

0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО05-24-2011 06:58 AM

тАО05-24-2011 06:58 AM

Re: ssh log in syslog

As the thread referenced in the first response explains, you can change the log file of the sshd to something other than syslog.log but this change is global to all ssh users not only to a single one.

What you are doing is quite suspicious and will raise eyebrows when you go through an audit and your scheme gets found out. As if you are trying to hide the actions of some user, by hiding his/her logins to the system. Very bad idea in my opinion, despite how good your intentions might be (don't know how can there be any good intentions for such a setup though but giving it the benefit of the doubt here)
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Khashru
Valued Contributor

тАО05-24-2011 03:35 PM

тАО05-24-2011 03:35 PM

Re: ssh log in syslog

We use nagis monitoring to monitor the system and it uses ssh login. It logs in to the system tousands times a day. I donot want unnecessary information in the syslog. This will reduce the size of syslog and i will be able to find the important information from syslog.
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО05-25-2011 05:18 AM

тАО05-25-2011 05:18 AM

Re: ssh log in syslog

So the entries come from check_by_ssh Nagios checks I suppose.
Running local checks via nrpe wouldn't be an option?
Or you could reverse from Nagios actively polling the host a thousand times a day to sending only non-ok check results a few times a month via nsca to the nagios server.
Maybe you could also SyslogFacility in your sshd's sshd_config to some localX facility and configure the host's syslogd to pipe it into a filter which would strip off check_by_ssh connects from the nagios server?
Madness, thy name is system administration
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.