Date:      Mon, 18 Sep 2023 14:58:54 +0200
From:      Yuri <yuri@aetern.org>
To:        questions@freebsd.org
Subject:   Re: Quieting SSHd messages to the console
Message-ID:  <fe2ddd39-5716-411d-9cc1-54b693ae46e7@aetern.org>
In-Reply-To: <f0da300e-5922-4c8f-b2f3-184a05fbc9b4@aetern.org>
References:  <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org> <f0da300e-5922-4c8f-b2f3-184a05fbc9b4@aetern.org>

Yuri wrote:
> Dan Mahoney (Gushi) wrote:
>> All,
>>
>> Sometimes, like when doing an upgrade on my system, I want to use the
>> console.
>>
>> I want to get a message on the console when a user su's (auth.notice).
>> That seems pretty critical.
>>
>> I do not want to get logs on the console for every other ssh session
>> that fails to complete because the internet is full of bots.
>>
>> Sep 18 08:42:31 <auth.err> prime sshd[3098]: error:
>> Fssh_kex_exchange_identification: Connection closed by remote host
>>
>> Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication
>> error for illegal user test from 78.38.71.249
>>
>> What goes to the console in /etc/syslog.conf is:
>>
>> *.err;kern.warning;auth.notice;mail.crit                /dev/console
>>
>> Is there a way to say "everything else.err, but not auth.err"?
> 
> It's a bit more complicated than that, *.err is "any facility with level
> >= err", but then we have overriding selector auth.notice which is "auth
> facility with level >= notice".  You could make the latter read
> "auth.=notice" but then you are missing ALL other levels, "auth.!=err"
> would print ALL levels except err, which will make it really verbose
> (opposite of what's wanted here).  And I don't see a way to say 'auth
> facility with level >= notice AND level != err'.
> 
> What you could do here is silence those messages from sshd itself by
> means of LogVerbose and overriding that specific file/function with a
> QUIET level (didn't try, just reading the sshd_config man page).

Looks like that option only allows making it even more verbose (it's in
the name, so no surprise), not overriding the level, sorry for the noise.
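
The selector behaviour discussed in this thread, as a small Python model (an added example, not part of the original message and not syslogd's code). It assumes a later selector replaces the earlier setting for the facility it names, uses a shortened facility list, and the names `parse`, `matches` and `auth_levels` are made up for the illustration.

```python
# Simplified model of syslog.conf selector matching (illustration only).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "cron"]  # shortened list

CONSOLE = "*.err;kern.warning;auth.notice;mail.crit"  # line quoted in the thread

def parse(selectors):
    """Return {facility: (ops, level)}; ops is a subset of {'<', '=', '>'}."""
    table = {}
    for sel in selectors.split(";"):
        facs, _, spec = sel.strip().partition(".")
        negate = spec.startswith("!")
        spec = spec.lstrip("!")
        level = spec.lstrip("<=>")
        # No operator means "this level or more severe" (>=).
        ops = set(spec[:len(spec) - len(level)]) or {">", "="}
        if negate:  # "!" inverts the comparison, so "!=err" is "< or >"
            ops = {"<", "=", ">"} - ops
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            table[fac] = (ops, level)  # assumption: last selector wins
    return table

def matches(selectors, facility, level):
    """True if a message with this facility and level hits the action."""
    rule = parse(selectors).get(facility)
    if rule is None or rule[1] == "none":
        return False
    ops, threshold = rule
    if threshold == "*":
        return True
    msg, thr = LEVELS.index(level), LEVELS.index(threshold)
    # Lower index is more severe, so "greater than" means a smaller index.
    return (("=" in ops and msg == thr) or (">" in ops and msg < thr)
            or ("<" in ops and msg > thr))

def auth_levels(selectors):
    """Levels of the auth facility that would reach the action."""
    return [lv for lv in LEVELS if matches(selectors, "auth", lv)]

if __name__ == "__main__":
    for variant in ("auth.notice", "auth.=notice", "auth.!=err"):
        line = CONSOLE.replace("auth.notice", variant)
        print(f"{line:45} -> {', '.join(auth_levels(line))}")
```
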


