Log SSH activity to $site_path/logs/sshd_log

The sshd_log now records authentication failure, login, logout and
command execution.  Example run:

  [2009-12-29 10:22:35,581 -0800] bd6b094b root - AUTH FAILURE FROM 127.0.0.1 user-not-found
  [2009-12-29 10:29:21,979 -0800] 5d60cd6e spearce a/1001240 LOGIN FROM 127.0.0.1
  [2009-12-29 10:29:47,994 -0800] 5d60cd6e spearce a/1001240 'git-upload-pack tools/repo.git' 3ms 42ms 0
  [2009-12-29 10:29:52,533 -0800] 5d60cd6e spearce a/1001240 'git-upload-pack tools/gerrit.git' 2ms 321ms 0
  [2009-12-29 10:29:56,702 -0800] 5d60cd6e spearce a/1001240 LOGOUT

Log lines are formatted into fields as follows:

  * date and time
  * unique session identifier
  * username
  * internal account id
  * command name
  * milliseconds spent waiting for execution thread
  * milliseconds spent executing command
  * exit status

The unique session identifier can be used to string together commands
which came over the same SSH connection.  To produce the above log
output I ran in one terminal window:

  $ ssh -o 'ControlPath /tmp/me.sock' -p 29418 -M -N spearce@localhost

to establish the session, and then in another window:

  $ ssh -o 'ControlPath /tmp/me.sock' -p 29418 spearce@localhost git-upload-pack tools/repo.git </dev/null
  $ ssh -o 'ControlPath /tmp/me.sock' -p 29418 spearce@localhost git-upload-pack tools/gerrit.git </dev/null

to perform two commands on the same existing session, and therefore
the same session identity 5d60cd6e is used on all messages.

To improve performance during request processing, login and
authentication failure lines never perform a reverse hostname lookup.
Only the IP address of the remote peer is stored in the log file.

Log messages are written to disk through a background thread,
so execution threads can work without being blocked on the local
disk log.  A bounded queue of 64 log events is used in memory to
throttle the execution threads; if the log thread gets behind by
more than 64 events, the execution threads will stall until there
is sufficient buffer space available.

Log files are rotated daily, and compressed automatically when the
error_log is compressed, if run through our daemon command.

Change-Id: Ibeae49fac80f4ca7d24db0de24a43642e0fe92ab
Signed-off-by: Shawn O. Pearce <sop@google.com>
Shawn O. Pearce
2009-12-29 10:30:08 -08:00
parent 27868a42d9
commit a029244fbb
12 changed files with 560 additions and 12 deletions
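
The following parser is an added example, not code from this commit or from the project. It reads the log format described in the commit message and groups lines by session identifier so the commands issued over one SSH connection can be reviewed together. The layouts of the `AUTH FAILURE FROM`, `LOGIN FROM` and `LOGOUT` lines are inferred from the sample run, and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Sample run copied from the commit message above.
SAMPLE = """\
[2009-12-29 10:22:35,581 -0800] bd6b094b root - AUTH FAILURE FROM 127.0.0.1 user-not-found
[2009-12-29 10:29:21,979 -0800] 5d60cd6e spearce a/1001240 LOGIN FROM 127.0.0.1
[2009-12-29 10:29:47,994 -0800] 5d60cd6e spearce a/1001240 'git-upload-pack tools/repo.git' 3ms 42ms 0
[2009-12-29 10:29:52,533 -0800] 5d60cd6e spearce a/1001240 'git-upload-pack tools/gerrit.git' 2ms 321ms 0
[2009-12-29 10:29:56,702 -0800] 5d60cd6e spearce a/1001240 LOGOUT
"""
# Prefix shared by every line: [timestamp] session user account-id rest
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<session>\S+) (?P<user>\S+) "
                  r"(?P<account>\S+) (?P<rest>.*)$")
# Event layouts are inferred from the sample run (assumption, not a spec).
CMD = re.compile(r"^'(?P<cmd>.*)' (?P<wait>\d+)ms (?P<exec>\d+)ms (?P<status>-?\d+)$")
AUTH_FAIL = re.compile(r"^AUTH FAILURE FROM (?P<ip>\S+) (?P<reason>\S+)$")
LOGIN = re.compile(r"^LOGIN FROM (?P<ip>\S+)$")

def parse_line(line):
    """Return a dict for one sshd_log line, or None if the prefix is malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    if c := CMD.match(rest):
        rec.update(kind="command", command=c["cmd"], wait_ms=int(c["wait"]),
                   exec_ms=int(c["exec"]), status=int(c["status"]))
    elif a := AUTH_FAIL.match(rest):
        rec.update(kind="auth_failure", ip=a["ip"], reason=a["reason"])
    elif lg := LOGIN.match(rest):
        rec.update(kind="login", ip=lg["ip"])
    else:
        rec.update(kind="logout" if rest == "LOGOUT" else "unknown", raw=rest)
    return rec

def sessions(text):
    """Group parsed records by the unique session identifier, in file order."""
    grouped = defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        grouped[rec["session"]].append(rec)
    return dict(grouped)

def failures_by_ip(text):
    """Count AUTH FAILURE lines per remote IP (the log stores no hostnames)."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return dict(Counter(r["ip"] for r in recs if r["kind"] == "auth_failure"))
```

Lines whose tail matches none of the known layouts are kept with `kind="unknown"` rather than dropped, so an unexpected entry still shows up under its session.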

@@ -97,6 +97,7 @@ public class LogFileCompressor implements Runnable {
private boolean isLive(final File entry) {
final String name = entry.getName();
return ErrorLogFile.LOG_NAME.equals(name) //
|| "sshd_log".equals(name) //
|| name.endsWith(".pid");
}
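
Review bot: The "sshd_log" name in isLive is a bare string literal, while the check directly above it uses the ErrorLogFile.LOG_NAME constant. If the SSH log writer ever renames its file, this comparison silently stops matching and the compressor would treat the live sshd_log as a candidate for compression while it is still being written. Suggest exposing a LOG_NAME constant on the class that writes the SSH log and comparing against it here, the same way the error log is handled.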