Skip to content


如何禁止npre连接日志输出到/var/log/message中

nrpe 会在messages中留下大量连接记录,影响日志阅读
我的nrpe以daemon方式运行

  1. /opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg -d

tail /var/log/messages

  1. Jul 19 14:04:22 C1gstudio sshd[20749]: Connection closed by 122.111.222.111 [preauth]
  2. Jul 19 14:09:22 C1gstudio sshd[21056]: Connection closed by 122.111.222.111 [preauth]

查看ssh当前的日志记录方式默认为 auth.info
cat /etc/ssh/sshd_config

  1. # Logging
  2. # obsoletes QuietMode and FascistLogging
  3. #SyslogFacility AUTH
  4. #LogLevel INFO

修改ssh日志输出
vi /etc/syslog.conf

  1. *.info;mail.none;authpriv.none;cron.none;    /var/log/messages
  2. #在尾部添加!auth.info 不再将ssh记录输出到/var/log/messages
  3. *.info;mail.none;authpriv.none;cron.none;auth.!=info     /var/log/messages
  4. #新增一行,将ssh日志输出到/var/log/sshd
  5. auth.*                      /var/log/sshd

重新载入syslog服务
/etc/init.d/syslog reload

查看修改后效果
tail -f /var/log/messages /var/log/sshd

ssh的连接日志会保存在/var/log/sshd中,nrpe本身的启动等日志还是在/var/log/messages中

2012-08-01更新=============
/etc/syslog.conf中应为;auth.!=info不是;!auth.info
可以用logger测试
logger -p auth.info “hello”

Posted in Nagios, 技术, 日志.

Tagged with , , .


No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.