System Logging, don't log something

Discussion in 'Installation/Configuration' started by TheRudy, Jun 29, 2006.

  1. TheRudy

    TheRudy Member

    Hey

    How can i for example, exclude munin from being logged into log files?

    auth.log
    Code:
    Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session opened for user root by (uid=0)
    Jun 25 06:55:01 mercury CRON[11203]: (pam_unix) session opened for user munin by (uid=0)
    Jun 25 06:55:01 mercury CRON[11202]: (pam_unix) session closed for user root
    Jun 25 06:55:06 mercury CRON[11203]: (pam_unix) session closed for user munin
    
    syslog
    Code:
    Jun 29 06:45:01 mercury /USR/SBIN/CRON[429]: (root) CMD ([ -x /etc/munin/plugins/apt ] && /etc/munin/plugins/apt update 7200 $
    Jun 29 06:45:01 mercury /USR/SBIN/CRON[430]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)
    
    Logs are full of just those lines and would be much easier checking logs without this entries about munin...

    Can i disable this logging for munin?
     
  2. falko

    falko Super Moderator Howtoforge Staff

    It's cron that's logging, not munin. So you'd have to tell cron not to log munin-related stuff.
     
  3. martin1977

    martin1977 New Member

    How would you do that?
    My auth.log is spammed by the server.sh and run-getmail.sh scripts.
    Every minute a new entry is done:
    Code:
    May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
    May 14 09:59:01 h1053099 CRON[10646]: pam_unix(cron:session): session closed for user root
    May 14 10:00:01 h1053099 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
    May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    May 14 10:00:01 h1053099 CRON[10659]: pam_unix(cron:session): session closed for user getmail
    
    CRONTABs:
    Code:
    * * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
    and
    */5 * * * * /usr/local/ispconfig/server/scripts/run-getmail.sh > /dev/null 2>> /var/log/ispconfig/cron.log

    It is a bit unfortune to log these repeating messages in auth.log. Is there a possibility to supress them or log into a different file?
    I am running Debain Lenny and cannot use the "-" trick that works with Suse in the crontab.

    Best regards,
    Martin
     
    Last edited: May 14, 2009
  4. martin1977

    martin1977 New Member

    found the solution

    Hello!

    As apparently nobody knows how that is done ( or nobody wnted to answer such a "silly" quesion ), I'd like to enlight you ;-)

    In the syslog facility (on my machine it is rsyslog) there are options to define what is logged and where.
    However, in /etc/rsyslog.conf I did the following change:
    Code:
    auth,authpriv.*               /var/log/auth.log
    
    changed to 
    
    auth,authpriv.err               /var/log/auth.log
    auth,authpriv.warn               /var/log/auth.log
    In that way only authentication log enties of warning or higher level are logged. Information about something or someone logging in not.
    This solution might be a bit to "global" for some people, as it would not log any successful authentication.
    So if anyone in this forum knows a better solution, please enlight me.
    In the meanwhile this is at leat a working work around.

    Cheers,
    Martin
     
  5. martin1977

    martin1977 New Member

    OK, now comes the GOOD solution.
    forget about the last post - that one might be the solution for "old school" syslog users but since I use rsyslog there is a much better way:

    Simply replace the old
    Code:
    auth,authpriv.*                 /var/log/auth.log
    with
    Code:
    :msg, contains, "pam_unix(cron:session)"  ~
    auth,authpriv.*                 /var/log/auth.log
    This would write everything into /var/log/auth.log BUT messages that contain "pam_unix(cron:session)". (Please note that the tilde "~" at the end of the line is required)
    This is exactly what at least I was searching for. Rsyslog has much more fun functionallity and it is worth to have a closer look into it.

    Best regards,
    Martin
     
  6. sixerjman

    sixerjman New Member

    Thanks Martin!

    This was exactly the problem I was having, and exactly the solution I was looking for. I also run rsyslog, and at first I added the 'auth,authpriv.*' line to the top of my rsyslog.conf before I had read to the bottom of the thread (I was in a rush to get those pam.unix messages out of the way). Surgical and elegant, nice work. :)
     

Share This Page