[H-GEN] How does one configure ssh/sshd to send log entries to a log file on a remote server?

[Arjen Lentz]

Hi,

On 09/04/2008, at 10:28 AM, List Puppy wrote:
> I'm pretty sure this is quite simple to achieve, I just haven't found
> anything in man pages that gives me appropriate clues. :-(
>
> I have a situation where a number of small cron jobs run every few
> minutes.  These jobs use ssh to 'talk' to other boxes on the network.
> Even with loglevel set to its lowest, there is a log entry generated
> for every ssh connection made.  The /var partition is relatively
> small, so can fill very quickly.
>
> For lots of reasons, we don't want to stop logging altogether, and we
> can't increase the /var partition.  We can make a large partition
> available on a network server to accept logging information from other
> servers.
>
> One suggestion made was to simply delete the /var/log/secure file when
> it was too big.  That was rejected outright, as most of you would no
> doubt understand.


You could run an additional task after doing the usual logrotate, that  
filters out the normal non-interesting entries from the file but  
leaves the rest for your archive. That way you'll always have all info  
in the current log, and less in archives.

Also, depending on the type of tasks (do they need shell), consider  
tools like stunnel so that there's just a secure connection between  
the machines that tasks can use. Combine this with something like  
Gearman (http://danga.com/gearman/) and you have a fairly neat  
infrastructure.


Cheers,
Arjen.
-- 
Arjen Lentz, Owner @ Open Query (http://openquery.com.au/)
Based in Brisbane, Australia - ph. +61-7-3103 0809
Open Source Experts, MySQL Specialists

Director of OSIA (http://osia.net.au/) Open Source Industry Australia
Australia's industry body for OSS - be counted!