/etc/syslog.conf in FC4

STYMA, ROBERT E (ROBERT) stymar at lucent.com
Fri Jan 27 21:05:23 UTC 2006


> 
> I have been looking at the contents of /var/log/messages
> and the /etc/syslog.conf file and there appears to
> be a problem in my FC4 installation.  I am using the
> default /etc/syslog.conf which was installed with the
> system (clean install - not upgrade).
> 
> 
> From /etc/syslog.conf
> ...
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none		/var/log/messages
> 
> ...
> 
> # Log cron stuff
> cron.*							/var/log/cron
> 
> From the syslog.conf man page:
> 
> In addition to the above mentioned names the syslogd(8) understands the
> following extensions: An asterisk ("*") stands for all facilities or all
> priorities, depending on where it is used (before or after the period).
> The keyword none stands for no priority of the given facility.
> 
> ...
> Multiple selectors may be specified for a single action using the
> semicolon (";") separator.  Remember that each selector in the selector
> field is capable to overwrite the preceding ones.  Using this behavior you
> can exclude some priorities from the pattern.
> 
> --------------------------------
> As I read the man page, the last match wins and 'none' means don't log.
> As can be seen in the following excerpt from /var/log/messages, cron is
> logging a lot of stuff.
> I am looking for a suggestion as to what to change to suppress cron
> writing to /var/log/messages.
> 
> --------------------------------
> 
> 
> [styma8]: tail /var/log/messages
> Jan 27 12:45:01 styma8 crond(pam_unix)[14334]: session closed for user root
> Jan 27 12:46:01 styma8 rpc.mountd: authenticated unmount request from styma9:934 for /home (/home)
> Jan 27 13:00:02 styma8 crond(pam_unix)[14410]: session opened for user root by (uid=0)
> Jan 27 13:00:02 styma8 crond(pam_unix)[14410]: session closed for user root
> Jan 27 13:01:01 styma8 crond(pam_unix)[14427]: session opened for user root by (uid=0)
> Jan 27 13:01:01 styma8 crond(pam_unix)[14427]: session closed for user root
> Jan 27 13:05:01 styma8 crond(pam_unix)[14448]: session opened for user root by (uid=0)
> Jan 27 13:05:02 styma8 crond(pam_unix)[14448]: session closed for user root
> Jan 27 13:15:01 styma8 crond(pam_unix)[21672]: session opened for user root by (uid=0)
> Jan 27 13:15:01 styma8 crond(pam_unix)[21672]: session closed for user root
> 
I believe I fixed it.  
I changed the default syslog.conf line to read: 
*.info;mail.none;authpriv.none;cron.none;pam_unix.none /var/log/messages

and added a line.

pam_unix.*     /var/log/pam_unix.log

I also added a /etc/logrotate.d file named pam_unix
/var/log/pam_unix.log {
    copytruncate
    weekly
    rotate 52
    compress
    missingok
}

Just one more thing to remember to take care of when I
switch to FC5.  :-|

Bob Styma
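
How the selector field from the quoted syslog.conf is evaluated, as an added example that is not part of the original post: matching uses only a message's facility and priority, so the program tag shown in the log (for instance crond(pam_unix)) is not an input. The facility and priority lists are the standard syslog(3) names, and only "*", "none", comma lists and "priority or higher" are handled, which is a simplification of what syslogd accepts.

```python
# Added example: evaluates a syslog.conf selector field the way the man page
# excerpt describes. Subset only: '*', 'none', comma lists, "level or higher".
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
# Lower index = more severe, as in syslog(3).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
NONE = -1  # "no priority of the given facility"


def parse_selectors(field):
    """Return {facility: least severe priority index logged, or NONE}."""
    mask = {f: NONE for f in FACILITIES}
    for selector in field.split(";"):
        facs, _, prio = selector.strip().rpartition(".")
        if prio == "none":
            level = NONE
        elif prio == "*":
            level = len(PRIORITIES) - 1
        elif prio in PRIORITIES:
            level = PRIORITIES.index(prio)
        else:
            raise ValueError(f"unknown priority name {prio!r}")
        for fac in facs.split(","):
            if fac != "*" and fac not in mask:
                raise ValueError(f"unknown facility name {fac!r}")
            targets = FACILITIES if fac == "*" else [fac]
            for name in targets:
                mask[name] = level  # a later selector overwrites an earlier one
    return mask


def is_logged(field, facility, priority):
    """True if a message with this facility and priority matches the field."""
    level = parse_selectors(field)[facility]
    return level != NONE and PRIORITIES.index(priority) <= level


DEFAULT = "*.info;mail.none;authpriv.none;cron.none"  # from the quoted syslog.conf

if __name__ == "__main__":
    # Constructed (facility, priority) pairs; the program tag is not an input.
    for fac, prio in [("cron", "info"), ("authpriv", "notice"),
                      ("auth", "info"), ("daemon", "debug"), ("mail", "err")]:
        print(f"{fac}.{prio:<7} -> /var/log/messages: {is_logged(DEFAULT, fac, prio)}")
```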



