> > crond is generated those messages. You should be checking all the > crontabs that run as root. > > On 12/6/06, Styma, Robert E (Robert) > <stymar@xxxxxxxxxxxxxxxxxx> wrote: > > > > To Those who know syslog well: > > > > I upgraded from FC4 -> FC6 via CD's in upgrade > > mode and now I am getting lots of cron entries > > in /var/log/secure. Comparisons between the FC4 > > /etc/syslog.conf file and the current copy show > > it was not updated. > > > > I see lots of entries like the following: > > Dec 6 13:04:01 styma8 crond[29897]: > pam_unix(crond:session): session opened for user root by (uid=0) > > Dec 6 13:04:02 styma8 crond[29897]: > pam_unix(crond:session): session closed for user root > > Dec 6 13:05:01 styma8 crond[29913]: > pam_unix(crond:session): session opened for user root by (uid=0) > > Dec 6 13:05:02 styma8 crond[29913]: > pam_unix(crond:session): session closed for user root > > > > My /etc/syslog.conf file is pretty simple (see below). The > only thing > > I am directing to /var/log/secure is authpriv.* which I > believe is the > > default. I would prefer to send these cron messages to > either /var/log/cron > > or the bit bucket. This leaves /var/log/secure more uncluttered. > > > > Can someone suggest a change to /etc/syslog.conf which > would affect the > > change I want? Thank you for your time. > > > > Bob Styma > > > > #----- /etc/syslog.conf > > > > # Log all kernel messages to the console. > > # Logging much else clutters up the screen. > > #kern.* /dev/console > > > > # Log anything (except mail) of level info or higher. > > # Don't log private authentication messages! > > *.info;mail.none;authpriv.none;cron.none;auth.!=info > /var/log/messages > > > > # The authpriv file has restricted access. > > authpriv.* > /var/log/secure > > > > # Log all the mail messages in one place. > > mail.* > -/var/log/maillog > > > > > > # Log cron stuff > > cron.* > /var/log/cron > > > > # Everybody gets emergency messages > > *.emerg * > > > > # Save news errors of level crit and higher in a special file. > > uucp,news.crit > /var/log/spooler > > > > # Save boot messages also to boot.log > > local7.* > /var/log/boot.log > > > > auth.=info /var/log/cron > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > L. Friedman netllama@xxxxxxxxx > LlamaLand http://netllama.linux-sxs.org > I understand that crond is causing the entries to be generated, however They pass through the syslog process and I want to route them somewhere less obtrusive. /var/log/security shows when someone attempts to access my machine. /etc/hosts.allow / deny has so far done it's job, but I like to keep an eye on this. Bob -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
