nrpe 会在messages中留下大量连接记录,影响日志阅读
我的nrpe以daemon方式运行
/opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg -d
tail /var/log/messages
Jul 19 14:04:22 C1gstudio sshd[20749]: Connection closed by 122.111.222.111 [preauth]
Jul 19 14:09:22 C1gstudio sshd[21056]: Connection closed by 122.111.222.111 [preauth]
查看ssh当前的日志记录方式默认为 auth.info
cat /etc/ssh/sshd_config
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
修改ssh日志输出
vi /etc/syslog.conf
*.info;mail.none;authpriv.none;cron.none; /var/log/messages
#在尾部添加!auth.info 不再将ssh记录输出到/var/log/messages
*.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages
#新增一行,将ssh日志输出到/var/log/sshd
auth.* /var/log/sshd
重新载入syslog服务
/etc/init.d/syslog reload
查看修改后效果
tail -f /var/log/messages /var/log/sshd
ssh的连接日志会保存在/var/log/sshd中,nrpe本身的启动等日志还是在/var/log/messages中
2012-08-01更新=============
/etc/syslog.conf中应为;auth.!=info不是;!auth.info
可以用logger测试
logger -p auth.info “hello”
No Responses (yet)
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.