Re: sshd logging changed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/12/2016 02:26 PM, Tom Horsley wrote:

I noticed I got a sshd update recently. Now I have bazillions
of messages about disconnects:

Disconnected from NN.NN.NN.NN port 41236 : 1 time(s)
  Received disconnect from NN.NN.NN.NN port 39642:11: disconnected by user : 1 time(s)

Logging in and logging out are are normal activities
in a working ssh. How the devil can I stop this logging
of utterly useless information? (Which for me happens
every 5 minutes due to a cron job I have running at
work that phones home :-).
I don't think these messages were not there before. But the format changed a bit (added port number) and it is not handled by Logwatch as it should be.
Sorry I didn't notice earlier before pushing that into F23. But this needs to be fixed in Logwatch at least for F24. There is patch for the second line, but I have no idea why the first was not visible before. Can you please fill a bug on logwatch? 

Kind regards,

--
Jakub Jelen
Security Technologies
Red Hat


--- /usr/share/logwatch/scripts/services/sshd.old	2015-08-25 10:53:58.000000000 +0200
+++ /usr/share/logwatch/scripts/services/sshd	2015-08-25 10:53:58.000000000 +0200
@@ -383,7 +383,7 @@
       $RefusedConnections{$1}++;
    } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
       $RefusedAuthentication{$Reason}++;
-   } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
+   } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
       # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
       if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
    } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux