System Logging, don't log something

[TheRudy]

Hey

How can i for example, exclude munin from being logged into log files?

auth.log

Code:

Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0)
Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)
Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root
Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin

syslog

Code:

Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $
Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)

Logs are full of just those lines and would be much easier checking logs without this entries about munin...

Can i disable this logging for munin?

[falko]

It's cron that's logging, not munin. So you'd have to tell cron not to log munin-related stuff.

[martin1977]

How would you do that?
My auth.log is spammed by the server.sh and run-getmail.sh scripts.
Every minute a new entry is done:

Code:

May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root
May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)
May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail

CRONTABs:

Code:

* * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
and
*/5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log

It is a bit unfortune to log these repeating messages in auth.log. Is there a possibility to supress them or log into a different file?
I am running Debain Lenny and cannot use the "-" trick that works with Suse in the crontab.

Best regards,
Martin

[martin1977]

Hello!

As apparently nobody knows how that is done ( or nobody wnted to answer such a "silly" quesion ), I'd like to enlight you ;-)

In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where.
However, in /etc/rsyslog.conf I did the following change:

Code:

auth,authpriv.*               /var/log/auth.log

changed to 

auth,authpriv.err               /var/log/auth.log
auth,authpriv.warn               /var/log/auth.log

In that way only authentication log enties of warning or higher level are logged. Information about something or someone logging in not.
This solution might be a bit to "global" for some people, as it would not log any successful authentication.
So if anyone in this forum knows a better solution, please enlight me.
In the meanwhile this is at leat a working work around.

Cheers,
Martin

[martin1977]

OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old

Code:

auth,authpriv.*                 /var/log/auth.log

with

Code:

:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                 /var/log/auth.log

This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin

[sixerjman]

Quote:

Originally Posted by martin1977

OK, now comes the GOOD solution.
forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

Simply replace the old

Code:

auth,authpriv.*                 /var/log/auth.log

with

Code:

:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                 /var/log/auth.log

This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

Best regards,
Martin

This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work.