/etc/syslog.conf in FC4
STYMA, ROBERT E (ROBERT)
stymar at lucent.com
Fri Jan 27 21:05:23 UTC 2006
>
> I have been looking at the contents of /var/log/messages
> and the /etc/syslog.conf file and there appears to
> be a problem in my FC4 installation. I am using the
> default /etc/syslog.conf which was installed with the
> system (clean install - not upgrade).
>
>
> >From /etc/syslog.conf
> ...
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none
> /var/log/messages
>
> ...
>
> # Log cron stuff
> cron.*
> /var/log/cron
>
> >From the syslog.conf man page:
>
> In addition to the above mentioned names the syslogd(8)
> understands the following extensions: An asterisk (''*'')
> stands for
> all facilities or all priorities, depending on where it is
> used (before or after the period). The keyword none stands for no
> priority of the given facility.
>
> ...
> Multiple selectors may be specified for a single action using
> the semicolon ('';'') separator. Remember that each selector in
> the selector field is capable to overwrite the preceding
> ones. Using this behavior you can exclude some priorities from the
> pattern.
>
> --------------------------------
> As I read the man page, the last match, wins and 'none' means
> don't log.
> As can be seen in the following excerpt from
> /var/log/messages, cron is logging
> a lot of stuff.
> I am looking for a suggestion as to what to change to supress
> cron writing
> to /var/log/messages.
>
> --------------------------------
>
>
> [styma8]: tail /var/log/messages
> Jan 27 12:45:01 styma8 crond(pam_unix)[14334]: session closed
> for user root
> Jan 27 12:46:01 styma8 rpc.mountd: authenticated unmount
> request from styma9:934 for /home (/home)
> Jan 27 13:00:02 styma8 crond(pam_unix)[14410]: session opened
> for user root by (uid=0)
> Jan 27 13:00:02 styma8 crond(pam_unix)[14410]: session closed
> for user root
> Jan 27 13:01:01 styma8 crond(pam_unix)[14427]: session opened
> for user root by (uid=0)
> Jan 27 13:01:01 styma8 crond(pam_unix)[14427]: session closed
> for user root
> Jan 27 13:05:01 styma8 crond(pam_unix)[14448]: session opened
> for user root by (uid=0)
> Jan 27 13:05:02 styma8 crond(pam_unix)[14448]: session closed
> for user root
> Jan 27 13:15:01 styma8 crond(pam_unix)[21672]: session opened
> for user root by (uid=0)
> Jan 27 13:15:01 styma8 crond(pam_unix)[21672]: session closed
> for user root
>
> In addition to the above mentioned names the
> syslogd(8) understands the following extensions: An asterisk
> (''*'') stands for
> all facilities or all priorities, depending on where
> it is used (before or after the period). The keyword none
> stands for no
> priority of the given facility.
>
>
> Multiple selectors may be specified for a single
> action using the semicolon ('';'') separator. Remember that
> each selector in
> the selector field is capable to overwrite the
> preceding ones. Using this behavior you can exclude some
> priorities from the
> pattern.
>
>
I believe I fixed it.
I changed the default syslog.conf line to read:
*.info;mail.none;authpriv.none;cron.none;pam_unix.none /var/log/messages
and added a line.
pam_unix.* /var/log/pam_unix.log
I also added a /etc/logrotate.d file named pam_unix
/var/log/pam_unix.log {
copytruncate
weekly
rotate 52
compress
missingok
}
Just one more thing to remember to take care of when I
switch to FC5. :-|
Bob STyma
More information about the fedora-list
mailing list