[rsyslog-notify] Forum Thread: Re: from host exclusion - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Oct 2 13:14:52 CEST 2014


User: jdc 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24970#p24970

Message: 
----------
Thanks for the reply,

Because of the following line:
[code:3krrd6kd]
authpriv.*                                              /var/log/secure
[/code:3krrd6kd]

Every ssh connection attempt is logged to /var/log/secure; what I need is
to continue logging these attempts to this file but just excluding the ones
from "192.168.200.111".

The lines I don't want to see anymore in the /var/log/secure file are the
following:

[code:3krrd6kd]
chicago sshd[8575]: Invalid user toto from 192.168.200.111
chicago sshd[8576]: input_userauth_request: invalid user toto
chicago sshd[8575]: pam_unix(sshd:auth): check pass; user unknown
chicago sshd[8575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=inflin01.xxx.int
chicago sshd[8575]: pam_succeed_if(sshd:auth): error retrieving information about user toto
sshd[8575]: Failed password for invalid user toto from 192.168.200.111 port 37998 ssh2
[/code:3krrd6kd]
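
Added example, not part of the original post and not rsyslog code: a Python sketch that runs the six sample lines above through a per-message match on the address, then through a two-pass match on the sshd PID, to show which lines each approach would actually remove. All function names are illustrative assumptions.

```python
import re

# The six lines from the post above, with the mail-wrapped lines rejoined.
SAMPLE = [
    "chicago sshd[8575]: Invalid user toto from 192.168.200.111",
    "chicago sshd[8576]: input_userauth_request: invalid user toto",
    "chicago sshd[8575]: pam_unix(sshd:auth): check pass; user unknown",
    "chicago sshd[8575]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=inflin01.xxx.int",
    "chicago sshd[8575]: pam_succeed_if(sshd:auth): error retrieving "
    "information about user toto",
    "sshd[8575]: Failed password for invalid user toto from "
    "192.168.200.111 port 37998 ssh2",
]
EXCLUDED_IP = "192.168.200.111"
PID_RE = re.compile(r"\bsshd\[(\d+)\]:")


def has_ip(line, ip=EXCLUDED_IP):
    """True if the line names exactly this address (not a longer one)."""
    return re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", line) is not None


def pid_of(line):
    """Return the sshd PID in the syslog tag, or None if there is none."""
    m = PID_RE.search(line)
    return m.group(1) if m else None


def per_message_filter(lines, ip=EXCLUDED_IP):
    """Stateless filter: keep every line whose text does not name the address."""
    return [l for l in lines if not has_ip(l, ip)]


def pid_correlated_filter(lines, ip=EXCLUDED_IP):
    """Two passes: also drop lines sharing an sshd PID with a line naming the address."""
    tainted = {pid_of(l) for l in lines if has_ip(l, ip)} - {None}
    return [l for l in lines if not has_ip(l, ip) and pid_of(l) not in tainted]


if __name__ == "__main__":
    print("kept by per-message match:", len(per_message_filter(SAMPLE)))
    for line in pid_correlated_filter(SAMPLE):
        print("kept after PID correlation:", line)
```

On this sample a match on the address alone removes only the two lines that contain it; the pam lines carry a hostname or no host at all, and the line logged under PID 8576 survives PID correlation as well.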

