Hey How can i for example, exclude munin from being logged into log files? auth.log Code: Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0) Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0) Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin syslog Code: Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $ Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi) Logs are full of just those lines and would be much easier checking logs without this entries about munin... Can i disable this logging for munin?
How would you do that? My auth.log is spammed by the server.sh and run-getmail.sh scripts. Every minute a new entry is done: Code: May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0) May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0) May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0) May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail CRONTABs: Code: * * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log and */5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log It is a bit unfortune to log these repeating messages in auth.log. Is there a possibility to supress them or log into a different file? I am running Debain Lenny and cannot use the "-" trick that works with Suse in the crontab. Best regards, Martin
found the solution Hello! As apparently nobody knows how that is done ( or nobody wnted to answer such a "silly" quesion ), I'd like to enlight you ;-) In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where. However, in /etc/rsyslog.conf I did the following change: Code: auth,authpriv.* /var/log/auth.log changed to auth,authpriv.err /var/log/auth.log auth,authpriv.warn /var/log/auth.log In that way only authentication log enties of warning or higher level are logged. Information about something or someone logging in not. This solution might be a bit to "global" for some people, as it would not log any successful authentication. So if anyone in this forum knows a better solution, please enlight me. In the meanwhile this is at leat a working work around. Cheers, Martin
OK, now comes the GOOD solution. forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way: Simply replace the old Code: auth,authpriv.* /var/log/auth.log with Code: :msg, contains, "pam_unix(cron:session)" ~ auth,authpriv.* /var/log/auth.log This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required) This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it. Best regards, Martin
Thanks Martin! This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work.
