Date: Tue, 19 Sep 2023 19:47:51 +0300 From: Lena@lena.kiev.ua To: "Dan Mahoney (Gushi)" <freebsd@gushi.org> Cc: questions@freebsd.org Subject: Re: Quieting SSHd messages to the console Message-ID: <20230919164751.GJ974@lena.kiev> In-Reply-To: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org> References: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I want to get a message on the console when a user su's (auth.notice). > That seems pretty critical. > > I do not want to get logs on the console for every other ssh session that > fails to complete because the internet is full of bots. > > Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: > Fssh_kex_exchange_identification: Connection closed by remote host > > Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication > error for illegal user test from 78.38.71.249 > > What goes to the console in /etc/syslog.conf is: > > *.err;kern.warning;auth.notice;mail.crit /dev/console > > Is there a way to say "everything else.err, but not auth.err"? May be not exactly what you want, but I use LogLevel QUIET in /etc/ssh/sshd_config (sshd invoked from inetd).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230919164751.GJ974>