System Logging, don't log something

Discussion in 'Installation/Configuration' started by TheRudy, Jun 29, 2006.

  1. TheRudy

    TheRudy ISPConfig Developer ISPConfig Developer

    Hey

    How can I, for example, exclude munin from being logged into log files?

    auth.log
    Code:
    Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0)
    Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)
    Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root
    Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin
    
    syslog
    Code:
    Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $
    Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)
    
    Logs are full of just those lines, and it would be much easier checking logs without these entries about munin...

    Can I disable this logging for munin?
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    It's cron that's logging, not munin. So you'd have to tell cron not to log munin-related stuff.
     
  3. martin1977

    martin1977 New Member

    How would you do that?
    My auth.log is spammed by the server.sh and run-getmail.sh scripts.
    Every minute a new entry is done:
    Code:
    May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
    May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root
    May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
    May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail
    
    CRONTABs:
    Code:
    * * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
    and
    */5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log

    It is a bit unfortunate to log these repeating messages in auth.log. Is there a possibility to suppress them or log into a different file?
    I am running Debian Lenny and cannot use the "-" trick that works with Suse in the crontab.

    Best regards,
    Martin
     
    Last edited: May 14, 2009
  4. martin1977

    martin1977 New Member

    found the solution

    Hello!

    As apparently nobody knows how that is done (or nobody wanted to answer such a "silly" question), I'd like to enlighten you ;-)

    In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where.
    However, in /etc/rsyslog.conf I did the following change:
    Code:
    auth,authpriv.*               /var/log/auth.log
    
    changed to 
    
    auth,authpriv.err               /var/log/auth.log
    auth,authpriv.warn               /var/log/auth.log
    In that way only authentication log entries of warning or higher level are logged. Information about something or someone logging in is not.
    This solution might be a bit too "global" for some people, as it would not log any successful authentication.
    So if anyone in this forum knows a better solution, please enlighten me.
    In the meantime this is at least a working workaround.

    Cheers,
    Martin
     
  5. martin1977

    martin1977 New Member

    OK, now comes the GOOD solution.
    Forget about the last post - that one might be the solution for "old school" syslog users, but since I use rsyslog there is a much better way:

    Simply replace the old
    Code:
    auth,authpriv.*                 /var/log/auth.log
    with
    Code:
    :msg, contains, "pam_unix(cron:session)"  ~
    auth,authpriv.*                 /var/log/auth.log
    This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
    This is exactly what at least I was searching for. Rsyslog has much more fun functionality and it is worth having a closer look into it.

    Best regards,
    Martin
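
A way to check what a `:msg, contains, "..." ~` discard rule would remove before putting it in rsyslog.conf, as an added example that is not part of the thread or of rsyslog itself. It models `contains` as a case-sensitive substring test on the message part of each line; the function names and the two sshd sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Traditional syslog file line: "Mon DD HH:MM:SS host program[pid]: msg"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s?(?P<msg>.*)$"
)

SAMPLE = [
    # Lines quoted in the thread (post 3, then the older format from post 1)
    "May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root",
    "May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)",
    "Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)",
    # Constructed lines, not from the thread: events that must stay in auth.log
    "May 14 10:01:12 h1053099 sshd[10701]: pam_unix(sshd:session): session opened for user martin by (uid=0)",
    "May 14 10:02:40 h1053099 sshd[10720]: Failed password for invalid user admin from 192.0.2.10 port 51515 ssh2",
]


def split_by_filter(lines, needle):
    """Split lines into (dropped, kept) for a 'msg contains needle' discard rule."""
    dropped, kept = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if m and needle in m.group("msg"):
            dropped.append(line)
        else:
            kept.append(line)  # unparsable lines are never counted as dropped
    return dropped, kept


def dropped_programs(lines, needle):
    """Count discarded lines per program so an over-broad needle is visible."""
    dropped, _ = split_by_filter(lines, needle)
    return Counter(LINE_RE.match(line).group("prog") for line in dropped)


if __name__ == "__main__":
    for needle in ("pam_unix(cron:session)", "pam_unix"):
        print(f"{needle!r} would discard: {dict(dropped_programs(SAMPLE, needle))}")
```

The exact string from post 5 removes only the cron session lines in the newer PAM format; it does not match the older `(pam_unix)` format from post 1, and the shorter needle `pam_unix` would also discard the sshd session record. On rsyslog 7 and later the `~` discard action is deprecated in favour of `stop`.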
     
  6. sixerjman

    sixerjman New Member

    Thanks Martin!

    This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work. :)
     
