Instrumentation for metrics

Philipp Marek philipp at
Tue Jan 21 18:05:32 AEDT 2020

> This makes me think that the syslog approach is probably the way to go

Yeah, right.
Another idea is to mirror the current preauth load via setproctitle()...
That makes that data accessible even without a syscall (at least the
writing of the data - quering needs syscalls, right), so that can be
kept up-to-date and allows a high monitoring frequency as well.

Multiple instances of SSHd (on different ports) are easily distinguished
as well.

> unless someone can come up with other stuff that would be a) worth 
> reading
> and b) accessible.

Data that I would like to see logged is the utime information of child
processes - how much user/sys time the processes took, memory usage,
and some more.

I imagine a single-line output with SSHd pid, session ID, user,
child PID, and the accounting data - that would be nice to have.

The parallel ongoing discussion about ControlMaster reminds me that
one SSH connection might drop multiple such log lines...

More information about the openssh-unix-dev mailing list