Re: sshd logging changed?

Mon, 14 Mar 2016 02:33:51 -0700 

On 03/12/2016 02:26 PM, Tom Horsley wrote:

I noticed I got a sshd update recently. Now I have bazillions
of messages about disconnects:

Disconnected from NN.NN.NN.NN port 41236 : 1 time(s)
  Received disconnect from NN.NN.NN.NN port 39642:11: disconnected by user : 1 
time(s)

Logging in and logging out are are normal activities
in a working ssh. How the devil can I stop this logging
of utterly useless information? (Which for me happens
every 5 minutes due to a cron job I have running at
work that phones home :-).
I don't think these messages were not there before. But the format changed a bit (added port number) and it is not handled by Logwatch as it should be.
Sorry I didn't notice earlier before pushing that into F23. But this needs to be fixed in Logwatch at least for F24. There is patch for the second line, but I have no idea why the first was not visible before. Can you please fill a bug on logwatch? 

Kind regards,

--
Jakub Jelen
Security Technologies
Red Hat


--- /usr/share/logwatch/scripts/services/sshd.old	2015-08-25 10:53:58.000000000 +0200
+++ /usr/share/logwatch/scripts/services/sshd	2015-08-25 10:53:58.000000000 +0200
@@ -383,7 +383,7 @@
       $RefusedConnections{$1}++;
    } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
       $RefusedAuthentication{$Reason}++;
-   } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
+   } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
       # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
       if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
    } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Reply via email to