Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 29th June 2006, 09:42
TheRudy TheRudy is offline
Senior Member
 
Join Date: Dec 2005
Posts: 215
Thanks: 1
Thanked 7 Times in 5 Posts
Default System Logging, don't log something

Hey

How can i for example, exclude munin from being logged into log files?

auth.log
Code:
Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)
Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root
Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin
syslog
Code:
Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $
Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)
Logs are full of just those lines and would be much easier checking logs without this entries about munin...

Can i disable this logging for munin?
Reply With Quote
Sponsored Links
  #2  
Old 29th June 2006, 22:53
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,722 Times in 2,563 Posts
Default

It's cron that's logging, not munin. So you'd have to tell cron not to log munin-related stuff.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th May 2009, 10:16
martin1977 martin1977 is offline
Junior Member
 
Join Date: May 2009
Posts: 20
Thanks: 0
Thanked 3 Times in 3 Posts
Default

How would you do that?
My auth.log is spammed by the server.sh and run-getmail.sh scripts.
Every minute a new entry is done:
Code:
May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root
May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail
CRONTABs:
Code:
* * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
and
*/5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log

It is a bit unfortune to log these repeating messages in auth.log. Is there a possibility to supress them or log into a different file?
I am running Debain Lenny and cannot use the "-" trick that works with Suse in the crontab.

Best regards,
Martin

Last edited by martin1977; 14th May 2009 at 10:23.
Reply With Quote
  #4  
Old 16th May 2009, 19:38
martin1977 martin1977 is offline
Junior Member
 
Join Date: May 2009
Posts: 20
Thanks: 0
Thanked 3 Times in 3 Posts
Default found the solution

Hello!

As apparently nobody knows how that is done ( or nobody wnted to answer such a "silly" quesion ), I'd like to enlight you ;-)

In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where.
However, in /etc/rsyslog.conf I did the following change:
Code:
auth,authpriv.*               /var/log/auth.log

changed to 

auth,authpriv.err               /var/log/auth.log
auth,authpriv.warn               /var/log/auth.log
In that way only authentication log enties of warning or higher level are logged. Information about something or someone logging in not.
This solution might be a bit to "global" for some people, as it would not log any successful authentication.
So if anyone in this forum knows a better solution, please enlight me.
In the meanwhile this is at leat a working work around.

Cheers,
Martin
Reply With Quote
The Following User Says Thank You to martin1977 For This Useful Post:
falko (17th May 2009)
  #5  
Old 18th May 2009, 07:47
martin1977 martin1977 is offline
Junior Member
 
Join Date: May 2009
Posts: 20
Thanks: 0
Thanked 3 Times in 3 Posts
Default

OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old
Code:
auth,authpriv.*                 /var/log/auth.log
with
Code:
:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                 /var/log/auth.log
This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin
Reply With Quote
The Following User Says Thank You to martin1977 For This Useful Post:
falko (19th May 2009)
  #6  
Old 1st July 2010, 16:53
sixerjman sixerjman is offline
Junior Member
 
Join Date: Apr 2007
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Thanks Martin!

Quote:
Originally Posted by martin1977 View Post
OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old
Code:
auth,authpriv.*                 /var/log/auth.log
with
Code:
:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                 /var/log/auth.log
This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin
This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing IP on running system jlaughy Installation/Configuration 8 3rd April 2009 12:35
MySQL time differs from system arsen.gushin Server Operation 7 23rd June 2006 19:33
Updating of the SUSE 9.3 system bogdinator Installation/Configuration 1 7th March 2006 13:45
Real System users exy123 General 2 12th December 2005 10:01
ISPConfig system stoped johnking Installation/Configuration 7 27th October 2005 02:37


All times are GMT +2. The time now is 05:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.