Question & Answer
Question
How do we stop sshd from excessive logging authentication messages to syslog.
Answer
If your system is being overwhelmed with messages such as the ones below,
and you don't want to keep track of authentication messages you can set sshd
to LogLevel QUIET.
===============================================================================
May 20 09:08:00 host1 auth|security:info sshd[14352622]: Authentication tried for wasadmin with
correct key but not from a permitted host (host=10.10.10.10, ip=10.10.10.10.1).
===============================================================================
This is normal default behavior for sshd. If you do no want sshd to send these messages turn off the feature that does this. Please see below.
#vi /etc/ssh/sshd_config
Search for the following "LogLevel". As you can see the default for syslog logging is AUTH and INFO , which is why you are seeing the informational authentication messages in syslog.
#SyslogFacility AUTH
#LogLevel INFO
Change this to the following.
SyslogFacility AUTH
LogLevel QUIET
Save the file...
# stopsrc -s sshd
# starsrc -s sshd
The possible values for LogLevel are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1012793