Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

journal gets flooded when using cockpit with ssh session on remote hosts #352

Open
msilveirabr opened this issue Jan 4, 2023 · 1 comment
Open

journal gets flooded when using cockpit with ssh session on remote hosts #352

msilveirabr opened this issue Jan 4, 2023 · 1 comment

Comments

@msilveirabr
Copy link

After getting a "master" cockpit server up, added some client computers using SSH public key connection.

It took me a while to understand what was going on.... not sure how to solve this ( cockpit -> logs )
Screenshot from 2023-01-04 19-57-48

Detailed view of an entry:

tlog-rec-session
{"ver":"2.3","host":"tlog-fc37-client.local","rec":"49aa6e0d80704f17bb1872151b4d9abb-28a9-74d11a","user":"ansible","term":"","session":16,"id":143687,"pos":1147251,"time":1672873074.597,"timing":"<44+156<118+2<1526","in_txt":":5623808,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5246976,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5263360,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5279744,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5296128,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5296128,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5296128,\"command\":\"pong\",\"channel\":\"3:8!7\"}56\n\n{\"sequence\":5296128,\"command\":\"pong\",\"channel\":","in_bin":[],"out_txt":"","out_bin":[]}
CODE_FILE
journal_json_writer.c
CODE_FUNC
tlog_journal_json_writer_write
CODE_LINE
117
PRIORITY
6
SYSLOG_IDENTIFIER
tlog-rec-session
TLOG_ID
143687
TLOG_REC
49aa6e0d80704f17bb1872151b4d9abb-28a9-74d11a
TLOG_SESSION
16
TLOG_USER
ansible
_AUDIT_LOGINUID
1001
_AUDIT_SESSION
16
_BOOT_ID
49aa6e0d80704f17bb1872151b4d9abb
_CAP_EFFECTIVE
0
_CMDLINE
tlog-rec-session -c cockpit-bridge
_COMM
tlog-rec-sessio
_EXE
/usr/bin/tlog-rec-session
_GID
1001
_HOSTNAME
tlog-fc37-client.local
_MACHINE_ID
9d30c55c9c74420d95b559ef1afd61f6
_PID
10409
_SELINUX_CONTEXT
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
_SOURCE_REALTIME_TIMESTAMP
1672873074755555
_SYSTEMD_CGROUP
/user.slice/user-1001.slice/session-16.scope
_SYSTEMD_INVOCATION_ID
43d0002d24ed4802848380a4ef9b3a9b
_SYSTEMD_OWNER_UID
1001
_SYSTEMD_SESSION
16
_SYSTEMD_SLICE
user-1001.slice
_SYSTEMD_UNIT
session-16.scope
_SYSTEMD_USER_SLICE
-.slice
_TRANSPORT
journal
_UID
1001
__CURSOR
s=84f2e400fcb046f8b5828adc8d8c4f46;i=31fbdf;b=49aa6e0d80704f17bb1872151b4d9abb;m=1217937277;t=5f1781d600807;x=ec28f7486d7c150c
__MONOTONIC_TIMESTAMP
77704950391
__REALTIME_TIMESTAMP
1672873074755591

cockpit playback:
Screenshot from 2023-01-04 20-02-15

What should be done to fix this?
Add the user used to connect to the remote hosts to the exclude_users / exclude_groups in session_recording section of /etc/sssd/conf.d/sssd-session-recording.conf ?

UPDATE: After adding a cockpitremote user and adding it to the sssd config exclude_users= line worked.
BTW, for testing purposes, I was using the same login user from terminal to connect remotely

I'll leave this open for a while in case anyone hits the same issue.

Is there any better approach to avoid this?
@justin-stephenson
Copy link
Collaborator

The logs show "user":"ansible", did you setup recording for all users? You may need to exclude certain users or groups from recording if those users recording is generating useless recording data.

Ideally, to avoid excess noise, you would use scope=some and only apply to the users and/or groups you want to record, but exclude_* options were added to provide more flexibility with configuration also.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msilveirabr @justin-stephenson