OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: qinohe on November 05, 2019, 12:16:12 am

Title: sshd logging
Post by: qinohe on November 05, 2019, 12:16:12 am
Hi there, I got a PM from another forum member asking me how to disable sshd logging.
Now I never bothered, but his question is valid; he is, just like me, using https://checkmk.com/.
Checks are flooding the logs; every minute there are some writes, and in case of problems it is very hard to deal with other writes in the log.
Now I don't think it is necessary to disable logging, but sshd_config already offers this possibility in the form of 'LogLevel' (see: man sshd_config). I have tried to set it in '/usr/local/etc/ssh/sshd_config' but it is removed after sshd restart.
Is it possible that 'LogLevel' is added to the GUI so we can set something like 'ERROR QUIET' etc.?
Or it may be even better to completely give sshd its own log.
I hope this is not very big work to create, but I'm sure some of us would be very happy if you would consider it, and if you do, please consider the last one ;D

Greetings and Thanks, mark
Title: Re: sshd logging
Post by: franco on November 05, 2019, 05:07:58 pm
Hi mark,

SSH is one of the hardcoded components of old. We could build a template, but that would still require design decisions such as: how much SSH do we need to configure? If it's too much will it get a separate page? Who will maintain it?

So another approach would be to see if SSH config can actually do include statements or we need a hybrid approach of templating + static include files.

Not sure how to proceed. What do you think?


Cheers,
Franco
Title: Re: sshd logging
Post by: qinohe on November 05, 2019, 07:07:31 pm
Hi Franco, thanks for your answer, I get the picture...

Don't touch the hard-coded parts ;D I'm definitely not the one to make these kinds of decisions, but as simple and easy as possible would be my idea. My first thought also was to use a statement to separate them. Heck, I could even use a shell script to do the job and read my sshd logs in the terminal. My skills end there...

Maybe a better question would be how many people would actually like to have a separate log or some form of control.

Greetings
mark
Title: Re: sshd logging
Post by: qinohe on November 06, 2019, 08:46:21 pm
Was playing around a bit with some sed, only to discover it breaks the logfile...
The first rule I created with some help from reading forum posts; this worked for separating the log into two files: system.log & sshd.log.
I used this one on Linux but did not get it to work on OPNsense.
Code:
sed -i .bak -e '/sshd/w /tmp/sshd-log-tmpfile' -e '$e cat /tmp/sshd-log-tmpfile >> /var/log/sshd.log && rm /tmp/sshd-log-tmpfile' -e '//d' /var/log/sys.log
The next one actually works, but does not append to sshd.log but overwrites it...
Code:
sed -E -i .bak -e '/sshd/w /var/log/sshd.log' -e '//d' /var/log/system.log
The GUI gives: File /var/log/system.log yielded no results.
Clog gives: clog: ERROR: could not write output (Invalid argument)

Well, it is more complicated than meets the eye; this fucks up the log file and breaks it.
I have tried csplit but it didn't get the results I would like; I did not even clog the files...

Just how should you approach this and separate a logfile and keep a readable log?
The idea was to do something like this:
Code:
*/10 * * * * root sed -E -i .bak -e '/sshd/w /tmp/sshd-log-tmpfile' -e '$e cat /tmp/sshd-log-tmpfile >> /var/log/sshd.log && rm /tmp/sshd-log-tmpfile' -e '//d' /var/log/sys.log
I know this is not a good solution for the above problem, just playing ;)

Thanks, mark
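
An added example, not written by anyone in this thread: one way to copy sshd entries into their own file by reading the log as text and appending, so the file that clog reads is never rewritten and repeated runs do not overwrite or duplicate earlier entries. The names `split_sshd` and `sample_log`, the sample lines, and the `clog ... |` pipeline in the comment are assumptions.

```shell
#!/bin/sh
# Added example. Constructed syslog-style sample lines; only two of them carry
# the sshd process tag (the last merely mentions "sshd" in its message).
sample_log() {
    cat <<'EOF'
Nov  6 20:40:01 fw sshd[4121]: Accepted publickey for monitor from 192.0.2.10 port 50122 ssh2
Nov  6 20:40:02 fw configd.py: [a1] request pfctl byte/packet counters
Nov  6 20:40:03 fw sshd[4121]: Disconnected from user monitor 192.0.2.10 port 50122
Nov  6 20:41:00 fw root: note: restarted sshd after config change
EOF
}

# split_sshd DEST
# Read syslog text on stdin and append to DEST every sshd line that DEST does
# not already hold; print how many lines were appended. The source is only
# read, never edited. Assumed use on the firewall (not tested there):
#   clog /var/log/system.log | split_sshd /var/log/sshd.log
# Limitation: two byte-identical lines are treated as one entry.
split_sshd() {
    awk -v dest="$1" '
        BEGIN {
            # Remember what earlier runs already copied.
            while ((getline line < dest) > 0) seen[line] = 1
            close(dest)
        }
        # Match the process tag "sshd[pid]:", not any line containing "sshd".
        / sshd\[[0-9]+]: / && !seen[$0]++ { print >> dest; n++ }
        END { close(dest); print n + 0 }
    '
}

# Demo: the second run over the same input appends nothing.
demo_dest=$(mktemp)
sample_log | split_sshd "$demo_dest"   # first run
sample_log | split_sshd "$demo_dest"   # second run
rm -f "$demo_dest"
```

Matching on the process tag keeps messages from other programs that only mention sshd out of the sshd file, which a bare `/sshd/` pattern would not.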