PVE is spaming my SMB backup server log

[t0mz]

Ever since I set up a SMB server as backup location I can see that the PVE server is connecting every 10 seconds generating 2 log entries each which makes the log on the Samba backup server quite unreadable.
It should be sufficient to try before a backup takes place I would assume, is there any way to stop these connections?

Mar 30 10:39:31 backupserver.local smbd[22110]: pam_unix(samba:session): session opened for user backup(uid=1000) by (uid=0) Mar 30 10:39:31 backupserver.local smbd[22110]: pam_unix(samba:session): session closed for user backup

 

[Max Carrara]

It should be sufficient to try before a backup takes place I would assume

Well, let's say your backup runs daily at 3 AM. If the backup's storage goes down at 3 PM the day before, you would only find out when the backup job runs - 12 hours later - causing your backup to fail.

You can however always filter your logs using something like grep or similar.

You probably already know how to use grep, but I'm gonna post this here for any future readers and for completeness' sake:

grep has two nice flags that can help us filter out undesired stuff from a given corpus of text:

• -E - Interpret the given pattern as regular expression
• -v - Instead of displaying what matches, display what doesn't match

See man grep for more information.
Equipped with this knowledge, you can display only relevant things in your logs (using /var/log/auth.log as an example here):

root:~/ $ tail /var/log/auth.log
Mar 31 12:35:02 your_hostname CRON[503373]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 12:35:02 your_hostname CRON[503373]: pam_unix(cron:session): session closed for user root
Mar 31 12:45:01 your_hostname CRON[509236]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 12:45:01 your_hostname CRON[509236]: pam_unix(cron:session): session closed for user root
Mar 31 12:55:01 your_hostname CRON[515096]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 12:55:01 your_hostname CRON[515096]: pam_unix(cron:session): session closed for user root
Mar 31 13:00:36 your_hostname kcheckpass[518849]: pam_unix(kde:auth): authentication failure; logname= uid=1337 euid=1337 tty=:0 ruser= rhost=  user=some_user
Mar 31 13:00:36 your_hostname kcheckpass[518849]: pam_sss(kde:auth): authentication success; logname= uid=1337 euid=1337 tty=:0 ruser= rhost= user=some_user
Mar 31 13:05:01 your_hostname CRON[522813]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 13:05:01 your_hostname CRON[522813]: pam_unix(cron:session): session closed for user root
Mar 31 13:12:02 your_hostname kcheckpass[526845]: pam_unix(kde:auth): authentication failure; logname= uid=1337 euid=1337 tty=:0 ruser= rhost=  user=some_user
Mar 31 13:12:02 your_hostname kcheckpass[526845]: pam_sss(kde:auth): authentication success; logname= uid=1337 euid=1337 tty=:0 ruser= rhost= user=some_user
Mar 31 13:15:01 your_hostname CRON[528634]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 13:15:01 your_hostname CRON[528634]: pam_unix(cron:session): session closed for user root
Mar 31 13:17:01 your_hostname CRON[530084]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 13:17:01 your_hostname CRON[530084]: pam_unix(cron:session): session closed for user root
Mar 31 13:25:01 your_hostname CRON[534836]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 13:25:01 your_hostname CRON[534836]: pam_unix(cron:session): session closed for user root
Mar 31 13:35:01 your_hostname CRON[542208]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar 31 13:35:01 your_hostname CRON[542208]: pam_unix(cron:session): session closed for user root

Removing irrelevant things by piping the output of tail through grep:

root:~/ $ tail /var/log/auth.log | grep -E -v 'session (opened|closed) for user root'
Mar 31 13:00:36 your_hostname kcheckpass[518849]: pam_unix(kde:auth): authentication failure; logname= uid=1337 euid=1337 tty=:0 ruser= rhost=  user=some_user
Mar 31 13:00:36 your_hostname kcheckpass[518849]: pam_sss(kde:auth): authentication success; logname= uid=1337 euid=1337 tty=:0 ruser= rhost= user=some_user
Mar 31 13:12:02 your_hostname kcheckpass[526845]: pam_unix(kde:auth): authentication failure; logname= uid=1337 euid=1337 tty=:0 ruser= rhost=  user=some_user
Mar 31 13:12:02 your_hostname kcheckpass[526845]: pam_sss(kde:auth): authentication success; logname= uid=1337 euid=1337 tty=:0 ruser= rhost= user=some_user

You get the idea. You can also pipe your text through grep multiple times of course, e.g. cat foo.txt | grep 'bar' | grep -v 'qux' will display all lines in foo.txt that contain bar and don't contain qux.

I hope this helps!

 

[t0mz]

Thanks Max, I get the idea of regular pings to make sure the target is still available, but every 10 seconds sounds a little too narrow to me.
Anyway, if this is by design that's ok, at least I know that it's not my set up.

Using grep to filter out the connections is a way, but I don't think journalctl offers negative filters. But I could use grep with journalctl as well and probably script checking for certain things to avoid typing lengthy command lines over and over.
In any case, I have decided to go with manual backups for now (switched off automated backups and storage location). The VM's I am running are stateless, I just need to remember to do a manual backup whenever a setting changes.