HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=4)
-   -   System Logging, don't log something (http://www.howtoforge.com/forums/showthread.php?t=5230)

TheRudy 29th June 2006 09:42

System Logging, don't log something
 
Hey

How can i for example, exclude munin from being logged into log files?

auth.log
Code:

Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)
Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root
Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin

syslog
Code:

Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $
Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)

Logs are full of just those lines and would be much easier checking logs without this entries about munin...

Can i disable this logging for munin?

falko 29th June 2006 22:53

It's cron that's logging, not munin. So you'd have to tell cron not to log munin-related stuff.

martin1977 14th May 2009 10:16

How would you do that?
My auth.log is spammed by the server.sh and run-getmail.sh scripts.
Every minute a new entry is done:
Code:

May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root
May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail

CRONTABs:
Code:

* * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
and
*/5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log


It is a bit unfortune to log these repeating messages in auth.log. Is there a possibility to supress them or log into a different file?
I am running Debain Lenny and cannot use the "-" trick that works with Suse in the crontab.

Best regards,
Martin

martin1977 16th May 2009 19:38

found the solution
 
Hello!

As apparently nobody knows how that is done ( or nobody wnted to answer such a "silly" quesion ), I'd like to enlight you ;-)

In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where.
However, in /etc/rsyslog.conf I did the following change:
Code:

auth,authpriv.*              /var/log/auth.log

changed to

auth,authpriv.err              /var/log/auth.log
auth,authpriv.warn              /var/log/auth.log

In that way only authentication log enties of warning or higher level are logged. Information about something or someone logging in not.
This solution might be a bit to "global" for some people, as it would not log any successful authentication.
So if anyone in this forum knows a better solution, please enlight me.
In the meanwhile this is at leat a working work around.

Cheers,
Martin

martin1977 18th May 2009 07:47

OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old
Code:

auth,authpriv.*                /var/log/auth.log
with
Code:

:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                /var/log/auth.log

This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin

sixerjman 1st July 2010 16:53

Thanks Martin!
 
Quote:

Originally Posted by martin1977 (Post 188765)
OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old
Code:

auth,authpriv.*                /var/log/auth.log
with
Code:

:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                /var/log/auth.log

This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin

This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work. :)


All times are GMT +2. The time now is 01:33.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.