LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] LVS HA creates a big amount of log data

To: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] LVS HA creates a big amount of log data
From: Marco Passerini <marco.passerini@xxxxxx>
Date: Tue, 14 Dec 2010 12:33:19 +0200
Hi,

I am administering a system with a pair of servers, which uses LVS. The 
load balancer is installed on the first of the two nodes, and it's 
configured to run checks to the SSH port every few seconds.

virtual servername.domain.com{
      active = 1
      port = 22
      expect = "SSH"
      send_program = "/etc/sysconfig/ha/check_ssh_wrap.py %h"
      [...]
}

The script which I am running wraps the Nagios plugin in order to verify 
whether the SSH service is active or not. I believe that the plugin 
starts a handshake and it closes it immediately.
Every time the test is run, the following messages appear in 
/var/log/secure:

On Host1:
Dec 14 12:15:53 host1 sshd[27489]: Connection closed by UNKNOWN

On Host 2:
Dec 14 12:15:53 host2 sshd[2543]: Connection closed by *.*.*.*
(where *.*.*.* is the IP of host1)

The log level of sshd is currently set to INFO and I would like to keep 
it like that.

I am annoyed by the fact that the secure logs get cluttered by these 
messages.
What would be the best solution not to see them there anymore, without 
affecting the system security? I tried different ways of testing the SSH 
port, but apparently sshd is so good  that it logs any scan attempt.

Best Regards.


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] LVS HA creates a big amount of log data, Marco Passerini <=