This makes me think that the syslog approach is probably the way to go
Yeah, right.
Another idea is to mirror the current preauth load via setproctitle()...
That makes that data accessible even without a syscall (at least the
writing of the data - querying needs syscalls, right), so that can be
kept up-to-date and allows a high monitoring frequency as well.
Multiple instances of SSHd (on different ports) are easily distinguished
as well.
unless someone can come up with other stuff that would be a) worth
reading and b) accessible.
Data that I would like to see logged is the utime information of child
processes - how much user/sys time the processes took, memory usage,
and some more.
I imagine a single-line output with SSHd pid, session ID, user,
child PID, and the accounting data - that would be nice to have.
The parallel ongoing discussion about ControlMaster reminds me that
one SSH connection might drop multiple such log lines...
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
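
One way to collect the per-child accounting data the message above asks for, as an added example that is not part of the original post and not OpenSSH code: it reaps a child with wait4() and formats a single line. The function names, the field names, and the session ID and user values are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes wait4() on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

/* Format one accounting line (field names are assumptions, not an sshd
 * format). Returns snprintf()'s result, i.e. the length that was needed. */
int format_acct_line(char *buf, size_t len, pid_t sshd_pid, const char *session_id,
                     const char *user, pid_t child, const struct rusage *ru)
{
    return snprintf(buf, len,
        "sshd_pid=%ld session=%s user=%s child_pid=%ld "
        "utime=%ld.%06ld stime=%ld.%06ld maxrss_kb=%ld",
        (long)sshd_pid, session_id, user, (long)child,
        (long)ru->ru_utime.tv_sec, (long)ru->ru_utime.tv_usec,
        (long)ru->ru_stime.tv_sec, (long)ru->ru_stime.tv_usec,
        ru->ru_maxrss);            /* kilobytes on Linux */
}

/* Fork a stand-in "session child", reap it with wait4() to get that child's
 * own rusage, and write its line into buf. Returns 0 on success, -1 on error. */
int account_child(char *buf, size_t len, const char *session_id, const char *user)
{
    struct rusage ru;
    int status, n;
    pid_t child = fork();
    if (child == -1)
        return -1;
    if (child == 0) {
        for (volatile unsigned long i = 0; i < 20000000UL; i++) ;  /* burn CPU */
        _exit(0);
    }
    memset(&ru, 0, sizeof(ru));
    if (wait4(child, &status, 0, &ru) != child)
        return -1;
    n = format_acct_line(buf, len, getpid(), session_id, user, child, &ru);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* reject truncated lines */
}

int main(void)
{
    char line[256];                /* session ID and user below are constructed */
    if (account_child(line, sizeof(line), "constructed-session-1", "alice") != 0)
        return 1;
    puts(line);                    /* a daemon would pass this to syslog */
    return 0;
}
```

A real logger should escape the user and session strings before writing them, since a user name can be supplied by the remote side.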