Is there an easy way to not log a specific sshd event?

Have you looked at the documentation?

There is a LogLevel QUIET|FATAL|ERROR|INFO which defaults to info.

LogLevel ERROR turned off these spammy login messages.


Without writing a script to parse through /var/log/messages and remove those lines (which is a possibility, you could even run it through cron), you'll be disabling or redirecting all of ssh's output. This isn't the best idea seeing you might get some relevant logs that you'll want to see.

What I would do is write something like this:

#! /bin/bash
sed "/$search/d" /var/log/messages >/var/log/tmp
mv /var/log/tmp /var/log/messages

Save this somewhere safe and have cron run it every day or so. I don't know the frequency at which your provider runs sshd so you can adjust the run time to suit your needs. For more information on adding a rule to cron (cronjob), see this very good tutorial.

Conversely, if you have access to the script that launches ssh (which I doubt you do) and you're able to edit it (which I doubt you can), you can invoke ssh using ssh -q. The q argument makes ssh run "quietly", which means nothing gets logged. This is risky and should be avoided. If you're able to edit the file, I would check with your hosting provider to make sure it is within your agreement.

Alternatively, you could contact your provider, explain your issue and ask them if there is something they can do (or let you do) to modify the ssh daemon.


TL;DR As far as I know, it isn't possible to stop only one message from ssh. However, you can parse your message file at specific intervals to clean up those lines, or if you can find where your provider launches sshd, you can send it the quiet command.

Tags:

Freebsd

Sshd

Logs