Re: Quieting SSHd messages to the console

Yuri wrote:
> Dan Mahoney (Gushi) wrote:
>> All,
>>
>> Sometimes, like when doing an upgrade on my system, I want to use the
>> console.
>>
>> I want to get a message on the console when a user su's (auth.notice).
>> That seems pretty critical.
>>
>> I do not want to get logs on the console for every other ssh session
>> that fails to complete because the internet is full of bots.
>>
>> Sep 18 08:42:31 <auth.err> prime sshd[3098]: error:
>> Fssh_kex_exchange_identification: Connection closed by remote host
>>
>> Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication
>> error for illegal user test from 78.38.71.249
>>
>> What goes to the console in /etc/syslog.conf is:
>>
>> *.err;kern.warning;auth.notice;mail.crit                /dev/console
>>
>> Is there a way to say "everything else.err, but not auth.err"?
> 
> It's a bit more complicated than that, *.err is "any facility with level
>> = err", but then we have overriding selector auth.notice which is "auth
> facility with level >= notice".  You could make the latter read
> "auth.=notice" but then you are missing ALL other levels, "auth.!=err"
> would print ALL level except err, which will make it really verbose
> (opposite of what's wanted here).  And I don't see a way to say 'auth
> facility with level >= notice AND level != err'.
> 
> What you could do here is silence those messages from sshd itself by
> means of LogVerbose and overriding that specific file/function with a
> QUIET level (didn't try, just reading the sshd_config man page).

Looks like that option only allows to make it even more verbose (it's in
name so no surprise), not override the level, sorry for the noise.