<br><font size=2 face="sans-serif">Thank you !</font>
<br>
<br><font size=2 face="sans-serif">the second option (the one you preferred)
was a good bet ! </font>
<br><font size=2 face="sans-serif">I added the lines as you indicate and
that's solved my problem.</font>
<br>
<br><font size=2 face="sans-serif">Best regards,</font>
<br>
<br><font size=2 face="sans-serif">Thomas Seglard</font>
<br>
<br><font size=2><tt>"Schwimmer, Eric E *HS" <EES2Y@hscmail.mcc.virginia.edu>
a écrit sur 02/03/2006 17:31:10 :<br>
<br>
> <br>
> Three posibilities, off the top of my head:<br>
> <br>
> On the client side:<br>
> 1. Install syslog-ng instead of ksyslogd, and<br>
> filter on the ip address of your hobbit server.<br>
> 2. Call your logrotate script (assuming you use one)<br>
> more often, and/or make it compress your old syslog<br>
> messages.<br>
> <br>
> On the hobbit server side:<br>
> (this is my preferred option)<br>
> 1. change your bb-services file ($HOBBIT/server/etc/bb-services)<br>
> so that ssh test sends the version string. I think
that will<br>
> stop your sshd from complaining.<br>
> <br>
> ie.:<br>
> <br>
> [ssh|ssh1|ssh2]<br>
> send "SSH-2.0-OpenSSH_4.1\r\n"<br>
> expect "SSH"<br>
> options banner<br>
> port 22<br>
> <br>
> I think if you disconnect after the version exchange, but<br>
> before the diffie-helman key exchance, sshd wont log anything.<br>
> <br>
> Now, if you arent accepting v2 connections on your clients,<br>
> you'll have to set up a separate [ssh1] stanza that supplies<br>
> an ssh v1 string (SSH-1.5-OpenSSH_4.2) and change your ssh <br>
> statement in your bb-hosts to ssh1 for those machines. <br>
> Otherwise your logs are just going to be filled with<br>
> protocol mismatch messages instead.<br>
> <br>
> HTH,<br>
> <br>
> -Eric Schwimmer<br>
> Network Engineer<br>
> UVA HSCS Network Engineering <br>
> <br>
> > -----Original Message-----<br>
> > From: thomas.seglard.enata@cnp.fr <br>
> > [mailto:thomas.seglard.enata@cnp.fr] <br>
> > Sent: Thursday, March 02, 2006 6:09 AM<br>
> > To: hobbit@hswn.dk<br>
> > Subject: [hobbit] sshd notification in syslog<br>
> > <br>
> > <br>
> > Hello, <br>
> > <br>
> > since deployment of hobbit's client on 200 servers (hpux, <br>
> > aix, sun, linux), I got this message in syslog : <br>
> > <br>
> > Feb 13 12:05:44 psa089 sshd[9813]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:06:47 psa089 sshd[9980]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:07:49 psa089 sshd[10006]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:08:17 psa089 sshd[10012]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:08:48 psa089 sshd[10078]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:09:52 psa089 sshd[10564]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:10:55 psa089 sshd[10871]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:11:57 psa089 sshd[10987]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:13:00 psa089 sshd[11060]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:13:20 psa089 sshd[11065]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:14:02 psa089 sshd[11166]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > Feb 13 12:15:06 psa089 sshd[11297]: Did not receive <br>
> > identification string from 158.157.156.91 <br>
> > <br>
> > Ip address is the one from my hobbit's server <br>
> > (158.157.156.91). This message do not specify that the ssh <br>
> > test failed, so I'm not worried about this. The main problem
<br>
> > is the size of syslog and /var is growing rapidly ! Anyone <br>
> > knows how to prevent this message to be display in syslog ? <br>
> > Thank you ! <br>
> > <br>
> > Thomas Seglard <br>
> > (I'm using Lotus Notes, what a challenge...)<br>
> > <br>
> > Ce message (et toutes ses pieces jointes eventuelles) est <br>
> > confidentiel et etabli a l'intention exclusive de ses destinataires.<br>
> > Toute utilisation de ce message non conforme a sa <br>
> > destination, toute diffusion ou toute publication, totale ou
<br>
> > partielle, est<br>
> > interdite, sauf autorisation expresse.<br>
> > L'internet ne permettant pas d'assurer l'integrite de ce <br>
> > message, CNP Assurances et ses filiales declinent toute responsabilite<br>
> > au titre de ce message, s'il a ete altere, deforme ou falsifie.<br>
> > <br>
> > *****<br>
> > <br>
> > This message and any attachments (the "message") are
<br>
> > confidential and intended solely for the addressees.<br>
> > Any unauthorised use or dissemination is prohibited.<br>
> > E-mails are susceptible to alteration.<br>
> > Neither CNP Assurances nor any of its subsidiaries or <br>
> > affiliates shall be liable for the message if altered, <br>
> > changed or falsified.<br>
> > <br>
> > <br>
> <br>
> To unsubscribe from the hobbit list, send an e-mail to<br>
> hobbit-unsubscribe@hswn.dk<br>
> <br>
> <br>
</tt></font><FONT SIZE=3><BR>
<BR>
Ce message (et toutes ses pieces jointes eventuelles) est confidentiel et etabli a l'intention exclusive de ses destinataires.<BR>
Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est<BR>
interdite, sauf autorisation expresse.<BR>
L'internet ne permettant pas d'assurer l'integrite de ce message, CNP Assurances et ses filiales declinent toute responsabilite<BR>
au titre de ce message, s'il a ete altere, deforme ou falsifie.<BR>
<BR>
*****<BR>
<BR>
This message and any attachments (the "message") are confidential and intended solely for the addressees.<BR>
Any unauthorised use or dissemination is prohibited.<BR>
E-mails are susceptible to alteration.<BR>
Neither CNP Assurances nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.<BR>
</FONT>