Management of OpenSSH log files in SSH$ROOT:[VAR]


Management of OpenSSH log files in SSH$ROOT:[VAR]

Post by csewell » Sun Jun 25, 2023 11:19 am

I guess creating unique log file names in SSH$ROOT:[VAR] for every ssh connection is something brought over from other platforms, but the ssh login slows to a crawl when there is a surplus of log files in that directory. We all know how OpenVMS struggles with directories with a huge number of log files.

Our site has a client that logs in every 10 seconds or so with ssh to check on the existence of a file. Ridiculous, but they will not change, and there is nothing we can do about it. On top of that, our ssh port is open to the internet for reasons, and we are constantly being tested for root and admin access.

The upshot is, after a week's running of OpenSSH we were up to 38000 log files in the VAR directory and it was taking 4 or 5 seconds to log in while OpenVMS struggled to create a new log file.

With the ssh that came with the TCP/IP and the single log file name, we were at least able to purge to a reasonable number of files (and use a version renaming utility to prevent the highest version number from reaching 32767). Now I need to create a procedure that deletes all log files over a certain age to keep the number down.

Another complaint: TCP/IP ssh would open the log files in read sharing mode, and flush the contents to disk. OpenSSH opens the log files locked, and does not flush the contents until the connection drops. So we can't see the contents of the log files until the client disconnects.

Is there some place I can report bugs or suggestions regarding the VSI ported software?



Re: Management of OpenSSH log files in SSH$ROOT:[VAR]

Post by sms » Sun Jun 25, 2023 3:10 pm

> [...] our ssh port is open to the internet for reasons, and we are
> constantly being tested for root and admin access.

   So's mine, but I very quickly tired of the attacks, and stopped
exposing it at port 22.  Around here, the computers use port 22, but the
router fiddles the port number for the exposed systems.  Specifying
"-p XXXX" from the outside world seems a small price to pay.

> [...] Now I need to create a procedure that deletes all log files over
> a certain age to keep the number down.

   I'd expect a pretty short script to be able to do that.  Calculate
the cut-off date+time, DELETE /BEFORE = <whenever> <whatever>,
resubmit-myself.

>  Is there some place I can report bugs or suggestions regarding the
> VSI ported software?

   If I had a support agreement, then I'd open an "Issue" on the Service
Platform.  Otherwise, these forums seem to be it.


Re: Management of OpenSSH log files in SSH$ROOT:[VAR]

Post by arne_v » Sun Jun 25, 2023 9:12 pm

csewell wrote: Sun Jun 25, 2023 11:19 am
> I guess creating unique log file names in SSH$ROOT:[VAR] for every ssh connection is something brought over from other platforms, but the ssh login slows to a crawl when there is a surplus of log files in that directory. We all know how OpenVMS struggles with directories with a huge number of log files.
> ...
> The upshot is, after a week's running of OpenSSH we were up to 38000 log files in the VAR directory and it was taking 4 or 5 seconds to log in while OpenVMS struggled to create a new log file.
>
> With the ssh that came with the TCP/IP and the single log file name, we were at least able to purge to a reasonable number of files (and use a version renaming utility to prevent the highest version number from reaching 32767). Now I need to create a procedure that deletes all log files over a certain age to keep the number down.

I would be tempted to instead of purging and renaming to have a job running every night that:
- processes the log files from lowest version to highest version
- for each file append it to a monthly log file and delete the original file

Then you will have:
- everything logged
- only 12 files per year

And if you don't want to keep that crap forever then just delete some old monthly log files.
Arne
arne@vajhoej.dk
VMS user since 1986
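
The nightly job described in the replies above (append each per-connection log to a monthly file, delete the original, resubmit), written out as an added DCL example; it is not code from any poster or from VSI. The procedure name, the `*.LOG` file pattern and the archive directory `DISK$LOGS:[SSH_ARCHIVE]` are assumptions to adjust for the site.

```dcl
$! ARCHIVE_SSH_LOGS.COM  (hypothetical name; added example)
$! Assumptions: per-connection logs match SSH$ROOT:[VAR]*.LOG and the
$! archive directory DISK$LOGS:[SSH_ARCHIVE] exists outside [VAR].
$ SET NOON                        ! keep going after a per-file error
$! Resubmit first so one failed run does not break the nightly chain.
$ SUBMIT /AFTER="TOMORROW+02:00" 'F$ENVIRONMENT("PROCEDURE")'
$! Month tag from the run date: "2023-06-25 ..." -> "2023-06"
$ month   = F$EXTRACT(0, 7, F$CVTIME(,"COMPARISON"))
$ archive = "DISK$LOGS:[SSH_ARCHIVE]SSH_''month'.LOG"
$ moved   = 0
$ skipped = 0
$LOOP:
$ file = F$SEARCH("SSH$ROOT:[VAR]*.LOG;*", 1)
$ IF file .EQS. "" THEN GOTO DONE
$! A log still held open by a live connection is locked, so APPEND
$! fails and the file is left in place for the next run.
$ APPEND /NEW_VERSION 'file' 'archive'
$ IF $STATUS
$ THEN
$   DELETE /NOLOG 'file'          ! only after the copy succeeded
$   moved = moved + 1
$ ELSE
$   skipped = skipped + 1
$ ENDIF
$ GOTO LOOP
$DONE:
$ WRITE SYS$OUTPUT "Archived ''moved' file(s), skipped ''skipped', into ''archive'"
$ EXIT
```

Because the original is deleted only when `APPEND` returns success, the record of failed login attempts survives in the monthly file while the directory in `SSH$ROOT:[VAR]` stays small.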
