AnsweredAssumed Answered

secure 2.3 GB file under /var/log

Question asked by Deepanshu Sood on Aug 9, 2016
Latest reply on Aug 9, 2016 by Deepanshu Sood

Hi,

 

I have one Virtual log collector running on v 10.4.0.2 and what i observed in that VLC, that there is one file which is being created under /var/log/ and the file name is secure and it have a size of more 2.3 GB, which i have deleted many times, but after some time it again gets appeared at the same location which is slowing down the vlc.

 

And below are some line of logs which are in the file if if i look into it.

 

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug1: user sftp matched group list uploads at line 159

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: match found

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:160 setting ChrootDirectory /var/netwitness/logcollector/upload_chroot

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:161 setting X11Forwarding no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:162 setting AllowTcpForwarding no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:163 setting PasswordAuthentication no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: auth_shadow_acctexpired: today 17022 sp_expire -1 days left -17023

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: account expiration disabled

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_send entering: type 8

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug2: monitor_read: 7 used once, disabling now

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_receive entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug2: input_userauth_request: setting up authctxt for sftp

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authserv entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 3

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authrole entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 4

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_auth2_read_banner entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 9

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_receive_expect entering: type

 

 

 

So I am just wondering that why the logs are being generating and how to get rid from them.

Kindly advise. Thanks.

 

Regards,

Deepanshu Sood.

Outcomes