On Sun, Jun 09, 2002 at 02:51:02PM -0700, Bill Wohler wrote: > Keith Robinson <[EMAIL PROTECTED]> writes: > > On Sat, Jun 08, 2002 at 01:42:28PM -0700, Bill Wohler wrote: > > > Keith Robinson <[EMAIL PROTECTED]> writes: > > > > Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for > > user root > > > > > > > > This is really annoying when I'm checking the logs. I've had a look > > for the problem, but came up emtpy. > > > > > > Not a problem, just PAM reporting setuid calls. > > > > > > > Cheers for the response. Any way of redirecting this output to a > > different log, or is it just something that I'll have to work around when > > surveying the logs? > > The answer is most likely yes, although I'd have to dig through the > syslog and PAM man pages to find the spells to throw into the witches' > pot, namely syslog.conf. > > However, you probably really don't want to do that. That information > might be useful in the case of a security breach. As you mention, > ignoring the messages until you do need them is a reasonable approach. > Indeed, this is what I do in my logcheck filters. >
Yes, I think this is probably the best response. It had crossed my mind to filter the logs with a small perl script, but, as you say, this information won't then be available to me should I need to refer to it. So I'll just read around it. Thanks for your responses, Bill. Most appreciated. Keith -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]