A probable useful feature
Nico Kadel-Garcia
nkadel at gmail.com
Sun Jan 1 07:52:42 EST 2012
On Sat, Dec 31, 2011 at 10:23 AM, Peter Stuge <peter at stuge.se> wrote:
> Vahab Shalchian wrote:
>> Some monitoring softwares like Manage Engine Application Manager use a
>> monitoring user which logins to a servers every 5 minutes via SSH so
>> sometimes we need to be able to exclude this user from being recorded to
>> wtmp,utmp files.
>
> I think you should filter this away when reading those files instead.
>
> As an alternative, perhaps you can configure the user to not be
> allowed to allocate a pty, in which case you may not get as much
> records of the login in *tmp.
Configuring SSH for remote monitoring access is CPU intensive on both
ends, and carries significant network overhead. This is inherent in a
highly secure protocol with lots of flexibility.
If you don't need the flexibility, you might instead prefer SNMP
properly configured or NRPE, both of which rely on locally running
daemons and thus do not create a new login event such as you are
seeing.
More information about the openssh-unix-dev
mailing list