Hi,
I am administering a system with a pair of servers, which uses LVS. The
load balancer is installed on the first of the two nodes, and it's
configured to run checks to the SSH port every few seconds.
virtual servername.domain.com{
active = 1
port = 22
expect = "SSH"
send_program = "/etc/sysconfig/ha/check_ssh_wrap.py %h"
[...]
}
The script which I am running wraps the Nagios plugin in order to verify
whether the SSH service is active or not. I believe that the plugin
starts a handshake and it closes it immediately.
Every time the test is run, the following messages appear in
/var/log/secure:
On Host1:
Dec 14 12:15:53 host1 sshd[27489]: Connection closed by UNKNOWN
On Host 2:
Dec 14 12:15:53 host2 sshd[2543]: Connection closed by *.*.*.*
(where *.*.*.* is the IP of host1)
The log level of sshd is currently set to INFO and I would like to keep
it like that.
I am annoyed by the fact that the secure logs get cluttered by these
messages.
What would be the best solution not to see them there anymore, without
affecting the system security? I tried different ways of testing the SSH
port, but apparently sshd is so good that it logs any scan attempt.
Best Regards.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|