[lvs-users] LVS HA creates a big amount of log data

Marco Passerini marco.passerini at csc.fi
Tue Dec 14 10:33:19 GMT 2010


I am administering a system with a pair of servers, which uses LVS. The 
load balancer is installed on the first of the two nodes, and it's 
configured to run checks to the SSH port every few seconds.

virtual servername.domain.com{
      active = 1
      port = 22
      expect = "SSH"
      send_program = "/etc/sysconfig/ha/check_ssh_wrap.py %h"

The script which I am running wraps the Nagios plugin in order to verify 
whether the SSH service is active or not. I believe that the plugin 
starts a handshake and it closes it immediately.
Every time the test is run, the following messages appear in 

On Host1:
Dec 14 12:15:53 host1 sshd[27489]: Connection closed by UNKNOWN

On Host 2:
Dec 14 12:15:53 host2 sshd[2543]: Connection closed by *.*.*.*
(where *.*.*.* is the IP of host1)

The log level of sshd is currently set to INFO and I would like to keep 
it like that.

I am annoyed by the fact that the secure logs get cluttered by these 
What would be the best solution not to see them there anymore, without 
affecting the system security? I tried different ways of testing the SSH 
port, but apparently sshd is so good  that it logs any scan attempt.

Best Regards.

More information about the lvs-users mailing list