sshd logging

Started by qinohe, November 05, 2019, 12:16:12 AM

Hi there, I got a PM from another forum member asking me how to disable sshd logging.
Now I never bothered, but his question is valid; he, just like me, is using https://checkmk.com/
Checks are flooding the logs: every minute there are some writes, and in case of problems it is very hard to deal with the other writes in the log.
Now I don't think it is necessary to disable logging, but sshd_config already offers this possibility in the form of 'LogLevel' (see: man sshd_config). I have tried to set it in '/usr/local/etc/ssh/sshd_config', but it is removed after an sshd restart.
Is it possible that 'LogLevel' is added to the GUI so we can set something like 'ERROR', 'QUIET', etc.?
Or it may be even better to completely give sshd its own log.
I hope this is not very big work to create, but I'm sure some of us would be very happy if you would consider it, and if you do, please consider the last one ;D

Greetings and Thanks, mark

Hi mark,

SSH is one of the hardcoded components of old. We could build a template, but that would still require design decisions such as: how much SSH do we need to configure? If it's too much will it get a separate page? Who will maintain it?

So another approach would be to see if SSH config can actually do include statements or we need a hybrid approach of templating + static include files.

Not sure how to proceed. What do you think?


Cheers,
Franco

Hi Franco, thanks for your answer, I get the picture...

Don't touch the hard-coded parts ;D I'm definitely not the one to make this kind of decision, but as simple and easy as possible would be my idea. My first thought also was to use a statement to separate them. Heck, I could even use a shell script to do the job and read my sshd logs in the terminal. My skills end there...

Maybe a better question would be how many people would actually like to have a separate log or some form of control.

Greetings
mark

Was playing around a bit with some sed, only to discover it breaks the logfile...
The first rule I created, with some help from reading forum posts, worked for separating the log into two files: system.log & sshd.log.
I used this one on Linux but did not get it to work on OPNsense:
sed -i .bak -e '/sshd/w /tmp/sshd-log-tmpfile' -e '$e cat /tmp/sshd-log-tmpfile >> /var/log/sshd.log && rm /tmp/sshd-log-tmpfile' -e '//d' /var/log/sys.log

The next one actually works, but it does not append to sshd.log; it overwrites it...
sed -E -i .bak -e '/sshd/w /var/log/sshd.log' -e '//d' /var/log/system.log

The GUI gives: File /var/log/system.log yielded no results.
Clog gives: clog: ERROR: could not write output (Invalid argument)

Well, it is more complicated than meets the eye; this fucks up the log file and breaks it.
I have tried csplit, but it didn't get the results I would like. I did not even clog the files...

Just how should you approach this and separate a logfile and keep a readable log?
The idea was to do something like this:
*/10 * * * * root sed -E -i .bak -e '/sshd/w /tmp/sshd-log-tmpfile' -e '$e cat /tmp/sshd-log-tmpfile >> /var/log/sshd.log && rm /tmp/sshd-log-tmpfile' -e '//d' /var/log/sys.log

I know this is not a good solution for the above problem, just playing ;)

Thanks, mark