Date: Mon, 18 Sep 2023 14:46:11 +0200 From: Yuri <yuri@aetern.org> To: questions@freebsd.org Subject: Re: Quieting SSHd messages to the console Message-ID: <f0da300e-5922-4c8f-b2f3-184a05fbc9b4@aetern.org> In-Reply-To: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org> References: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dan Mahoney (Gushi) wrote: > All, > > Sometimes, like when doing an upgrade on my system, I want to use the > console. > > I want to get a message on the console when a user su's (auth.notice). > That seems pretty critical. > > I do not want to get logs on the console for every other ssh session > that fails to complete because the internet is full of bots. > > Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: > Fssh_kex_exchange_identification: Connection closed by remote host > > Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication > error for illegal user test from 78.38.71.249 > > What goes to the console in /etc/syslog.conf is: > > *.err;kern.warning;auth.notice;mail.crit /dev/console > > Is there a way to say "everything else.err, but not auth.err"? It's a bit more complicated than that, *.err is "any facility with level >= err", but then we have overriding selector auth.notice which is "auth facility with level >= notice". You could make the latter read "auth.=notice" but then you are missing ALL other levels, "auth.!=err" would print ALL level except err, which will make it really verbose (opposite of what's wanted here). And I don't see a way to say 'auth facility with level >= notice AND level != err'. What you could do here is silence those messages from sshd itself by means of LogVerbose and overriding that specific file/function with a QUIET level (didn't try, just reading the sshd_config man page).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f0da300e-5922-4c8f-b2f3-184a05fbc9b4>