I'm managing my tiny VPS and was working on a script to send the login log to my email. I'm using journalctl to list the login attempts with:

journalctl -u sshd >> ./connection.log

However, my log file is simply spammed with lines like:

Mar 10 04:47:31 mydomain.net sshd[31468]: Connection closed by xxx.xxx.xxx.xxx [preauth].

The IP is not my server's. The line with the same IP repeats about 10-20 times. And when someone tries to log in to my server, it changes to another one until someone logs in again, etc.

First: Does anybody know why a connection close is spammed like that? (I'm new to administration, and I experiment on my VPS)

Second: Is it possible to ignore these lines and not print them in the .log file? (Sorry for my English)

1 Answer

You could pipe journalctl to grep -v to remove "Connection closed":

journalctl -u sshd | grep -v "Connection closed" >> ./connection.log
gm3dmo
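
A variant of the filter above, as an added example that is not part of the original answer: it drops the pre-auth "Connection closed" lines but appends a per-IP count, so the mailed report still shows which addresses kept connecting. The function names and the sample lines (documentation-range IPs) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines (documentation-range IPs), in two sshd layouts.
sample_log() {
cat <<'EOF'
Mar 10 04:47:31 mydomain.net sshd[31468]: Connection closed by 203.0.113.7 [preauth]
Mar 10 04:47:33 mydomain.net sshd[31470]: Connection closed by 203.0.113.7 [preauth]
Mar 10 04:47:35 mydomain.net sshd[31472]: Connection closed by 203.0.113.7 [preauth]
Mar 10 04:47:40 mydomain.net sshd[31475]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 10 04:48:02 mydomain.net sshd[31480]: Connection closed by authenticating user root 198.51.100.23 port 40412 [preauth]
Mar 10 05:10:11 mydomain.net sshd[31502]: Accepted publickey for admin from 192.0.2.10 port 40022 ssh2
EOF
}

# Same filter as the answer, narrowed to pre-auth closes only.
filter_noise() {
    grep -v 'Connection closed by .*\[preauth\]'
}

# Count the dropped lines per source IP so they are condensed, not lost.
summarize_preauth() {
    awk '/Connection closed by .*\[preauth\]/ {
        ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "by" && ip == "") ip = $(i + 1)   # "closed by <ip> [preauth]"
            if ($i == "port") ip = $(i - 1)             # "... <ip> port N [preauth]"
        }
        n[ip]++
    }
    END { for (ip in n) printf "%d %s\n", n[ip], ip }' | sort -rn
}

# Report body: kept lines first, then the per-IP summary.
build_report() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    filter_noise < "$tmp" || true    # grep exits 1 when nothing is kept
    echo "--- pre-auth disconnects per IP ---"
    summarize_preauth < "$tmp"
    rm -f "$tmp"
}

# Usage on the server (unit name and file taken from the question):
#   journalctl -u sshd --since yesterday | build_report >> ./connection.log
```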