SSH – Filtering SSHD Logs

log-files ssh syslog

I'm just wondering about the best way to filter my sshd logs. The problem is that I monitor my boxes over SSH using Nagios and Cacti. They both connect every 5 mins and this clogs up my log files with loads of entries making it difficult to do a quick 'tail' to see what's going on.

I'd like to have all logins from my monitoring user (on a specific IP) logged in a separate file.

Ideally I'd avoid installing syslog-ng or similar. I would have to set this up on a variety of Ubuntu, CentOS and FreeBSD machines (running a variety of OpenSSH versions), so it will make life easier if I can do this without additional software.

Any recommendations on how to achieve this?

Thanks!

Best Answer

You could do something like this:

tail -f logfile | grep -v "some\.ip\.address\.to\.ignore"

or

tail -f logfile | grep -v "some\.ip\.address\.to\.ignore.*user-name"
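An added example, not part of the original answer: it goes beyond the live `grep -v` view and writes the monitoring logins to a separate file, as the question asks, using only `sh` and `awk`. The function names, host, user and addresses are constructed, and it assumes traditional syslog lines of the form `Mon DD HH:MM:SS host sshd[PID]: message`.

```sh
#!/bin/sh
# Added example, not from the original answer.
# Usage: split_sshd_log LOGFILE USER IP MONITOR_OUT OTHER_OUT
# Assumes traditional syslog lines: "Mon DD HH:MM:SS host sshd[PID]: message".
split_sshd_log() {
    : > "$4"; : > "$5"          # make sure both output files exist
    awk -v user="$2" -v ip="$3" -v mon="$4" -v oth="$5" '
        # PID from the syslog tag in field 5, or "" if the line is not from sshd.
        function sshd_pid() {
            if ($5 ~ /^sshd\[[0-9]+\]:$/) return substr($5, 6, length($5) - 7)
            return ""
        }
        # Pass 1: collect PIDs whose "Accepted <method> for USER from IP" line
        # matches. Field equality is a literal compare, so 10.0.0.5 cannot
        # match 10.0.0.50 and the dots need no escaping.
        NR == FNR {
            pid = sshd_pid()
            if (pid != "" && $6 == "Accepted" && $8 == "for" && $9 == user &&
                $10 == "from" && $11 == ip) seen[pid] = 1
            next
        }
        # Pass 2: lines from those sshd processes go to the monitor file;
        # everything else, failed logins from the same IP included, stays.
        {
            pid = sshd_pid()
            if (pid != "" && (pid in seen)) print > mon
            else print > oth
        }
    ' "$1" "$1"
}

# Constructed sample lines (not real log data) for trying the function.
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 web1 sshd[2001]: Accepted publickey for nagios from 10.0.0.5 port 40022 ssh2
Jan 10 10:00:01 web1 sshd[2001]: pam_unix(sshd:session): session opened for user nagios by (uid=0)
Jan 10 10:00:02 web1 sshd[2001]: pam_unix(sshd:session): session closed for user nagios
Jan 10 10:01:13 web1 sshd[2002]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jan 10 10:02:40 web1 sshd[2003]: Accepted password for nagios from 10.0.0.50 port 40100 ssh2
Jan 10 10:03:00 web1 sshd[2004]: Failed password for nagios from 10.0.0.5 port 40023 ssh2
Jan 10 10:03:05 web1 sshd[2005]: Accepted password for alice from 10.0.0.5 port 40024 ssh2
EOF
}
```

Run it on a rotated or copied log rather than a stream, since it reads the file twice. PIDs get reused over time, so keep each input file short enough (for example one rotation period) that a PID is unlikely to repeat within it.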