IBM Support

How to stop sshd from excessive logging to syslog.

Question & Answer


Question

How do we stop sshd from logging excessive authentication messages to syslog?

Answer

If your system is being overwhelmed with messages such as the one below,
and you don't want to keep track of authentication messages, you can set sshd
to LogLevel QUIET.

===============================================================================
May 20 09:08:00 host1 auth|security:info sshd[14352622]: Authentication tried for wasadmin with
correct key but not from a permitted host (host=10.10.10.10, ip=10.10.10.10.1).

===============================================================================

This is normal default behavior for sshd. If you do not want sshd to send these messages, turn off the logging that produces them, as described below.


# vi /etc/ssh/sshd_config

Search for "LogLevel". As you can see, the default for syslog logging is facility AUTH and level INFO, which is why you are seeing the informational authentication messages in syslog.

#SyslogFacility AUTH
#LogLevel INFO

Change this to the following.

SyslogFacility AUTH
LogLevel QUIET

Save the file, then restart sshd:

# stopsrc -s sshd
# startsrc -s sshd

The possible values for LogLevel are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output.
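
A way to confirm the edit before restarting sshd, as an added example that is not part of the original IBM document: sshd uses the first value it obtains for each keyword, and the stock `#LogLevel INFO` line is only a commented-out default, so the check below reports the first active value. The helper names `effective_sshd_opt` and `sshd_logging_summary` are hypothetical, the sample config is constructed, and the script assumes only the global section matters (it stops at the first Match line and does not follow Include).

```shell
#!/bin/sh
# Added example: report the value sshd would take from a config file for one keyword.
# Assumptions: global section only (stops at the first Match line), no Include handling.

effective_sshd_opt() {
    # $1 = config file, $2 = keyword, $3 = built-in default used when the keyword is unset
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = "" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # blank line or commented-out default
            n = split(line, f, /[ \t=]+/)         # keyword, then its arguments
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "match") exit              # conditional blocks begin here
            if (key == want && n >= 2 && val == "") val = f[2]   # first value wins
        }
        END { print (val == "" ? dflt : val) }
    ' "$1"
}

# Summarise the two settings this page changes, falling back to the defaults
# the page names (AUTH and INFO) when a keyword has no active line.
sshd_logging_summary() {
    printf 'SyslogFacility=%s LogLevel=%s\n' \
        "$(effective_sshd_opt "$1" SyslogFacility AUTH)" \
        "$(effective_sshd_opt "$1" LogLevel INFO)"
}

# Constructed sample: the stock commented defaults, the edit from this page,
# and a stray later LogLevel line that sshd would ignore.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$sample" <<'EOF'
#SyslogFacility AUTH
#LogLevel INFO
SyslogFacility AUTH
LogLevel QUIET
LogLevel INFO
EOF
sshd_logging_summary "$sample"
rm -f "$sample"
```

To check the live file, call `sshd_logging_summary /etc/ssh/sshd_config`.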


Document Information

Modified date:
17 June 2018

UID

isg3T1012793