This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

secure 2.3 GB file under /var/log

DeepanshuSood1
Beginner
Beginner

‎2016-08-09 03:00 AM

Hi,

 

I have one Virtual log collector running on v 10.4.0.2 and what i observed in that VLC, that there is one file which is being created under /var/log/ and the file name is secure and it have a size of more 2.3 GB, which i have deleted many times, but after some time it again gets appeared at the same location which is slowing down the vlc.

 

And below are some line of logs which are in the file if if i look into it.

 

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug1: user sftp matched group list uploads at line 159

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: match found

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:160 setting ChrootDirectory /var/netwitness/logcollector/upload_chroot

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:161 setting X11Forwarding no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:162 setting AllowTcpForwarding no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: reprocess config:163 setting PasswordAuthentication no

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: auth_shadow_acctexpired: today 17022 sp_expire -1 days left -17023

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: account expiration disabled

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_send entering: type 8

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug2: monitor_read: 7 used once, disabling now

Aug  9 06:58:14 NCORP-VLC-01 sshd[14558]: debug3: mm_request_receive entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug2: input_userauth_request: setting up authctxt for sftp

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authserv entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 3

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_inform_authrole entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 4

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_auth2_read_banner entering

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_send entering: type 9

Aug  9 06:58:14 NCORP-VLC-01 sshd[14560]: debug3: mm_request_receive_expect entering: type

 

 

 

So I am just wondering that why the logs are being generating and how to get rid from them.

Kindly advise. Thanks.

 

Regards,

Deepanshu Sood.

0 Likes
23 REPLIES 23

DeepanshuSood1
Beginner
Beginner
In response to KhaledGamal

‎2016-08-09 06:57 AM

Okay understood.

One thing which I am assuming is that the event sources which are added on the VLC by file reader collection method their logs collection will not be get impacted by this change or will they get impacted?

 

Pls suggest. This is what I am only afraid of.

 

Regards,

Deepanshu Sood.

0 Likes

KhaledGamal
Beginner
Beginner
In response to DeepanshuSood1

‎2016-08-09 06:59 AM

No Impact will affect the log collection at all. You have nothing to be afraid of

 

Best regards

Khaled

DeepanshuSood1
Beginner
Beginner
In response to KhaledGamal

‎2016-08-09 07:04 AM

Cool

0 Likes

DeepanshuSood1
Beginner
Beginner
In response to KhaledGamal

‎2016-08-09 07:24 AM

I'll keep an eye on the file and would inform you if it goes too much in size.

 

many many thanks again.

 

Regards,

Deepanshu Sood.

© 2022 RSA Security LLC or its affiliates. All rights reserved.