Re: Quieting SSHd messages to the console
- In reply to: Yuri : "Re: Quieting SSHd messages to the console"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Sep 2023 12:58:54 UTC
Yuri wrote: > Dan Mahoney (Gushi) wrote: >> All, >> >> Sometimes, like when doing an upgrade on my system, I want to use the >> console. >> >> I want to get a message on the console when a user su's (auth.notice). >> That seems pretty critical. >> >> I do not want to get logs on the console for every other ssh session >> that fails to complete because the internet is full of bots. >> >> Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: >> Fssh_kex_exchange_identification: Connection closed by remote host >> >> Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication >> error for illegal user test from 78.38.71.249 >> >> What goes to the console in /etc/syslog.conf is: >> >> *.err;kern.warning;auth.notice;mail.crit /dev/console >> >> Is there a way to say "everything else.err, but not auth.err"? > > It's a bit more complicated than that, *.err is "any facility with level >> = err", but then we have overriding selector auth.notice which is "auth > facility with level >= notice". You could make the latter read > "auth.=notice" but then you are missing ALL other levels, "auth.!=err" > would print ALL level except err, which will make it really verbose > (opposite of what's wanted here). And I don't see a way to say 'auth > facility with level >= notice AND level != err'. > > What you could do here is silence those messages from sshd itself by > means of LogVerbose and overriding that specific file/function with a > QUIET level (didn't try, just reading the sshd_config man page). Looks like that option only allows to make it even more verbose (it's in name so no surprise), not override the level, sorry for the noise.