How to truncate the ssh session logs recorded

SSH Log Rotation | Prune SSH logs recorded | 

In order to prevent a full disk its is important to prune the ssh log files regularly.  It is possible to auto-delete logs when the log size exceeds a limit.

Navigate to Settings->Security->Miscellaneous->Log space threshold 

https://www.ezeelogin.com/user_manual/Miscellaneous.html

 

You can also set the period for which the ssh user  log and the rdp user  logs has to be retained in the  system after which it would be truncated by daily cronjobs. A value 0 means the logs would be retained for ever.

Navigate to Settings->Security->Miscellaneous->Log Retain Duration


Set a cronjob for root user  to run daily or once a week so that log files stored on the server in the directory ( /var/log/ezlogin/ )  are truncated when it exceeds a particular size or when it older than the specified number of days.

The path to the command that needs to be set in cron is

0 6 * * * php /usr/local/ezlogin/house_keeping.php   

The ssh log files recorded are stored in the directory /var/log/ezlogin/full , /var/log/ezlogin/input, /var/log/ezlogin/output, /var/log/ezlogin/rdp.  The 'full' directory store the entire ssh sessions. The 'input' directory store the recording from the STDIN . The 'output' directory stores the recording from the STDOUT and the 'rdp' directory stores the rdp session recorded. 

 

Deleting SSH recording from the GUI.

 You can also delete ssh log from the GUI by selecting the ssh log session and by clicking on the trash icon.  

truncate-ssh-log-file

Ensure the housekeeping script is set to run in cron (  0 6 * * * php /usr/local/ezlogin/house_keeping.php ) so that the ssh sessions recorded which are stored in  files are deleted from the backend server.  You may also run the command manually to ensure that files are deleted from the backend almost instantly . You may wonder why the ssh log recorded stored in the directory /var/log/ezlogin is not deleted when the ssh recording is deleted from the gui, this is because the webserver user does not have the privileges to delete the ssh log recording in the ownership of the ssh gateway user.

 

0 (0)
Article Rating (No Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    How to migrate the custom server fields from Ezeelogin version 7.0 to the latest version?
    Viewed 110 times since Thu, Jul 16, 2020
    Configuration and error log files to check for troubleshooting
    Viewed 5038 times since Thu, Jun 15, 2017
    How to import servers from a file into Ezeelogin ssh gateway?
    Viewed 2869 times since Fri, Sep 1, 2017
    Backup Ezeelogin failed during Ezeelogin version upgrade
    Viewed 26 times since Tue, Jul 28, 2020
    Migrate jump server installation from one server to another
    Viewed 2563 times since Wed, Jun 14, 2017
    How do i uninstall ezeelogin?
    Viewed 2159 times since Wed, Jun 14, 2017
    How to renew/update standalone license ?
    Viewed 432 times since Thu, Feb 27, 2020
    How to move servers/migrate servers from one Ezeelogin installation to another?
    Viewed 1742 times since Thu, Jun 15, 2017
    Database connectivity credentials and configuration file
    Viewed 1679 times since Thu, Nov 23, 2017
    How to export servers ?
    Viewed 3468 times since Sat, Sep 2, 2017