我的问题是/ var / log / secure中的日志记录完全充斥着来自服务用户admin的请求.这些命令每秒发生多次,并对日志产生相应的影响.他们依靠无密码密钥交换.涉及的 *** 作系统是EL5和EL6.以下示例.
>有没有办法减少这些 *** 作的日志记录量. (按用户?按来源?)
>开发人员是否有更简洁的方法来执行这些ssh执行而不会产生如此多的会话?似乎效率低下.我可以重用现有的连接吗?
示例日志输出:
Jul 24 19:08:54 Cantaloupe sshd[46367]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:54 Cantaloupe sshd[46446]: Accepted publickey for admin from 172.30.27.32 port 33526 ssh2Jul 24 19:08:54 Cantaloupe sshd[46446]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:54 Cantaloupe sshd[46446]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:54 Cantaloupe sshd[46475]: Accepted publickey for admin from 172.30.27.32 port 33527 ssh2Jul 24 19:08:54 Cantaloupe sshd[46475]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:54 Cantaloupe sshd[46475]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:54 Cantaloupe sshd[46504]: Accepted publickey for admin from 172.30.27.32 port 33528 ssh2Jul 24 19:08:54 Cantaloupe sshd[46504]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:54 Cantaloupe sshd[46504]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:54 Cantaloupe sshd[46583]: Accepted publickey for admin from 172.30.27.32 port 33529 ssh2Jul 24 19:08:54 Cantaloupe sshd[46583]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:54 Cantaloupe sshd[46583]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:54 Cantaloupe sshd[46612]: Accepted publickey for admin from 172.30.27.32 port 33530 ssh2Jul 24 19:08:54 Cantaloupe sshd[46612]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:54 Cantaloupe sshd[46612]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:55 Cantaloupe sshd[46641]: Accepted publickey for admin from 172.30.27.32 port 33531 ssh2Jul 24 19:08:55 Cantaloupe sshd[46641]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:55 Cantaloupe sshd[46641]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:55 Cantaloupe sshd[46720]: Accepted publickey for admin from 172.30.27.32 port 33532 ssh2Jul 24 19:08:55 Cantaloupe sshd[46720]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:55 Cantaloupe sshd[46720]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:55 Cantaloupe sshd[46749]: Accepted publickey for admin from 172.30.27.32 port 33533 ssh2Jul 24 19:08:55 Cantaloupe sshd[46749]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:55 Cantaloupe sshd[46749]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:55 Cantaloupe sshd[46778]: Accepted publickey for admin from 172.30.27.32 port 33534 ssh2Jul 24 19:08:55 Cantaloupe sshd[46778]: pam_unix(sshd:session): session opened for user admin by (uID=0)Jul 24 19:08:55 Cantaloupe sshd[46778]: pam_unix(sshd:session): session closed for user adminJul 24 19:08:55 Cantaloupe sshd[46857]: Accepted publickey for admin from 172.30.27.32 port 33535 ssh2解决方法 特别回答有关是否可以减少产生更多SSH连接的开销的问题:是的.您可以使用自OpenSSH 5.5以来存在的ControlMaster功能.这篇博文将有更多细节: http://puppetlabs.com/blog/speed-up-ssh-by-reusing-connections
我不确定这是否会影响记录发生的次数.但是,根据应用程序的编写方式,可以使用此功能而无需实际修改应用程序,只需重新配置OpenSSH即可.假设它甚至使用OpenSSH作为客户端,或者使用具有此支持的其他客户端.这里没有足够的信息可以确定.
总结以上是内存溢出为你收集整理的linux – 重用远程ssh连接并减少命令/会话日志记录的详细程度?全部内容,希望文章能够帮你解决linux – 重用远程ssh连接并减少命令/会话日志记录的详细程度?所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)