Well, Ted, it's not really that bad. A little RTFM (or release notes in this case) and it was fixed. All I had to do was start the auditd user-space tools and the messages are logged to /var/log/audit/audit.log. All I wanted was to get them out of /var/log/messages and the ring buffer. Kirk Ted Kaczmarek wrote: > On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote: > >>Since updating to 4.2 my Opteron server has been flooded by messages like: >> >>audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: >>user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)' >> >>to both /var/log/messages and the kernel ring buffer. Looks like they are being >>generated by cron jobs being run on the server. >> >>Does anyone know how to turn these messages off or to redirect them? >> >>Kirk >> >>_______________________________________________ > > Man I am glad you posted this, guess I will be staying on 4.1 for a > while :-) > > Ted > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos