Hi,
I have one Virtual Log Collector running on v 10.4.0.2, and what I observed in that VLC is that there is one file being created under /var/log/ with the file name secure, and it has a size of more than 2.3 GB. I have deleted it many times, but after some time it appears again at the same location, which is slowing down the VLC.
Below are some lines of logs which are in the file if I look into it.
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug1: user sftp matched group list uploads at line 159
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: match found
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:160 setting ChrootDirectory /var/netwitness/logcollector/upload_chroot
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:161 setting X11Forwarding no
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:162 setting AllowTcpForwarding no
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:163 setting PasswordAuthentication no
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: auth_shadow_acctexpired: today 17022 sp_expire -1 days left -17023
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: account expiration disabled
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_send entering: type 8
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug2: monitor_read: 7 used once, disabling now
Aug 9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_receive entering
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug2: input_userauth_request: setting up authctxt for sftp
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authserv entering
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 3
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authrole entering
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 4
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_auth2_read_banner entering
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 9
Aug 9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_receive_expect entering: type
So I am just wondering why the logs are being generated and how to get rid of them.
Kindly advise. Thanks.
Regards,
Deepanshu Sood.
Hi Sood,
This is because debug logs are being written to the /var/log/secure file. Debug logs are often not a good idea to keep on. Please send me the content of "/etc/rsyslog.conf" so I can check.
Best regards
Khaled
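
The shell functions below are an added example, not posted by either participant: they summarise which program and debug level dominate a secure-style log, and read the global LogLevel from an sshd_config-style file. They assume the debug lines come from sshd's own LogLevel setting, which the thread does not confirm; the function names, sample log and sample config are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage a fast-growing /var/log/secure.

# Count lines per "program level", e.g. "sshd debug3 17". Lines whose message
# does not start with debug1:/debug2:/debug3: are counted as level "other".
debug_summary() {
    awk '{
        prog = $5; sub(/\[.*/, "", prog); sub(/:$/, "", prog)
        lvl = ($6 ~ /^debug[1-3]:$/) ? substr($6, 1, 6) : "other"
        n[prog " " lvl]++
    }
    END { for (k in n) print k, n[k] }' "$1" | sort
}

# Print the LogLevel set in the global part of an sshd_config-style file.
# The first occurrence wins and keywords are case-insensitive; parsing stops
# at the first Match block. Prints INFO (the OpenSSH default) if none is set.
# Assumes "Keyword value" separated by whitespace and no Include directives.
sshd_loglevel() {
    awk 'tolower($1) == "match"    { exit }
         tolower($1) == "loglevel" { print toupper($2); found = 1; exit }
         END { if (!found) print "INFO" }' "$1"
}

# Constructed sample input, modelled on the lines quoted in the question.
demo() {
    log=$(mktemp) conf=$(mktemp)
    cat > "$log" <<'EOF'
Aug 9 06:58:14 HOST-01 sshd[100]: debug1: user sftp matched group list uploads at line 159
Aug 9 06:58:14 HOST-01 sshd[100]: debug3: match found
Aug 9 06:58:14 HOST-01 sshd[101]: debug3: mm_request_send entering: type 3
Aug 9 06:58:15 HOST-01 sshd[101]: debug2: monitor_read: 7 used once, disabling now
Aug 9 06:58:16 HOST-01 sshd[102]: Accepted publickey for sftp from 192.0.2.10 port 50000 ssh2
EOF
    printf '%s\n' '#LogLevel INFO' 'loglevel debug3' 'LogLevel INFO' \
        'Match Group uploads' '    X11Forwarding no' > "$conf"
    debug_summary "$log"
    echo "sshd_config LogLevel: $(sshd_loglevel "$conf")"
    rm -f "$log" "$conf"
}
demo
```

On a live host the same functions would be pointed at /var/log/secure and /etc/ssh/sshd_config; a summary dominated by sshd debug lines together with a DEBUG LogLevel points at the sshd configuration rather than at rsyslog.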