Daniel Campbell posted on Thu, 26 Dec 2013 22:02:31 -0600 as excerpted:

> On 12/25/2013 08:43 AM, Duncan wrote:
>> 
>> I [replaced vixie-cron with cronie] too, a few days ago.
>> 
>> TL;DR: Drop-in but for the log-spamming. =:^(
>> 
>> While cronie itself was simple and drop-in for vixie-cron, it DID start
>> rather severely log-spamming, IIRC four log-lines every 10 minutes when
>> the run-crons ran.

> Could you share the lines that provided the filtering? I'm sure it would
> help others. Your e-mail led me to check my logs to see if I have the
> same, but I don't know where to look.

I think I mentioned that I'm using syslog-ng here.  ~arch, so version
3.4.6.  Stable 3.4.2 should be similar but it may not be identical.

I had started to post a big long explanation, but then decided simply
posting my entire syslog-ng.conf file with a shorter explanation would be
better.  There's nothing really private in it.

The way I handle filters is to set up the original message-selecting
filters first, then combine them with AND NOT as appropriate in a second-
level message-rejecting filter.  I have two sets of filters, thus two
second level filters into which the others feed, the spam filters and the
category filters.

The category filters are set up to select a particular category of
messages; for instance, all messages from cron.  The category selecting
filter is then used in a log section, to route the selected messages to a
particular file.  The second level rejecting filter is in turn used to
filter out all the categorized messages from the log stream going to the
generic messages file, so it doesn't get the categorized messages and is
thus less noisy, making it easier to process what /does/ come thru.

The spam filters are set up similarly, with individual selection filters
and a single second level rejection filter, except I don't want to log
those messages at all, so the only thing the selection filters are used
for is to feed into the rejection filter.  Still, that seemed the simplest
and most logical way to handle it, to me.

Set up that way, the log sections stay short and simple, not the hairball
of individual selection and rejection filters they could become otherwise.

OK, the file is included inline after my sig, below...  (Since I
use pan for my lists via nntp://news.gmane.org, and pan normally yencodes
attachments for USENET posting while most mail clients don't handle yenc,
I won't try attaching the file that way as it'd come thru as gibberish to
most.  I could inline UUE it, but as it's text anyway, I'll post it inline
with auto-wrapping off and hope it doesn't get mangled.)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




@version: 3.4
@include "scl.conf"
# /etc/syslog-ng/syslog-ng.conf
# JED: don't etc-update replace!

#################################################################################
#########       Options:        syslog-ng general options               #########
#################################################################################

options {
        threaded(yes);
        stats_freq (43200);
        mark_freq (3600);
};


#################################################################################
#########       Sources:        where messages come from                #########
#################################################################################

source src {
        system();
        internal();
};

#################################################################################
#########       Destinations:   where messages go                       #########
#################################################################################

# NOTE: Default destination output format template
# (admin guide section 11.1.2, templates and macros)

#template default { 
#       template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n");
#       template_escape(no);
#};

# ${MSGHDR} further defines to "PROGRAM[PID]: " (note trailing space),
# with a kernel MSGHDR obviously lacking [PID], so...

# final format is: ISODATE HOST PROGRAM[PID] MSG(=content)

###################################################

# global destinations

destination messages {
        file ("/var/log/messages");
};

destination log-tty {
        file ("/dev/tty12");
};

# for programs like xconsole using /dev/console...
#destination dev-console {
#       file ("/dev/console");
#};

###################################################

# categorized destinations

destination IPTables {
        file ("/var/log/iptables");
};

destination dhcpcd {
        file ("/var/log/dhcpcd");
};

destination cron {
        file ("/var/log/cron");
};

destination portage {
        file ("/var/log/portage-msg");
};

#################################################################################
#########       Filters:        which messages                          #########
#################################################################################

# log-spam pre-filters, combined in spam-global, below

# sudo has its own, better log, but pam_unix spams it to syslog too
filter spam-sudo {
                        program ("sudo")
;};

# 2013.1217 kernel type=1006 (AUDIT_LOGIN) auditing enabled and logging
# on cron's 10-minute run-crons.
# kernel: type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501
#               new auid=0 old ses=2 new ses=208 res=1
filter spam-audit {
                        program ("kernel")
        and             message ("type=1006 audit")
;};

#####################

# Combine all the log-spam filters into one

filter spam-global {
                not     filter (spam-audit)
        and     not     filter (spam-sudo)
;};

###################################################

# Category filters

filter cat-IPTables {
                        message ("IPTables:")
;};

filter cat-dhcpcd {
                        program ("dhcpcd")
;};

filter cat-cron {
                        program ("crond?" flags("ignore-case"))
;};

filter cat-portage {
        message (" portage")
;};

#####################

# /not/ the cat-filters above

filter cat-not {
                not     filter (cat-IPTables)
        and     not     filter (cat-dhcpcd)
        and     not     filter (cat-cron)
        and     not     filter (cat-portage)
;};

#################################################################################
#########       Logs:           connect sources, filters, destinations  #########
#################################################################################

# general case, minus the categorized, below

log {
        source (src);
        filter (spam-global);
        filter (cat-not);
        destination (messages);
};

log {
        source (src);
        filter (spam-global);
        filter (cat-not);
        destination (log-tty);
};

###################################################

# These categorize

log {
        source (src);
        filter (cat-IPTables);
        destination (IPTables);
};

log {
        source (src);
        filter (cat-cron);
        destination (cron);
};

log {
        source (src);
        filter (cat-dhcpcd);
        destination (dhcpcd);
};

log {
        source (src);
        filter (cat-portage);
        destination (portage);
};
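
The two-level routing in the config above, modelled in Python as an added example (not part of the original post and not syslog-ng code), so the effect of the filters can be checked against sample lines before relying on them. It assumes program() and message() behave as unanchored regex searches; the helper names and all sample messages except the audit line quoted in the config comment are constructed.

```python
import re

# Assumption: program() and message() act as unanchored regex searches.
def prog(pattern, flags=0):
    rx = re.compile(pattern, flags)
    return lambda program, message: bool(rx.search(program))

def msg(pattern):
    rx = re.compile(pattern)
    return lambda program, message: bool(rx.search(message))

def both(*tests):
    return lambda program, message: all(t(program, message) for t in tests)

# First-level selection filters, copied from the posted config.
SPAM = [prog("sudo"), both(prog("kernel"), msg("type=1006 audit"))]
CATEGORY = [
    (msg("IPTables:"), "/var/log/iptables"),
    (prog("dhcpcd"), "/var/log/dhcpcd"),
    (prog("crond?", re.IGNORECASE), "/var/log/cron"),
    (msg(" portage"), "/var/log/portage-msg"),
]

def route(program, message):
    """Return the sorted destination files one message is written to."""
    dests = [dest for test, dest in CATEGORY if test(program, message)]
    spam_global = not any(test(program, message) for test in SPAM)
    cat_not = not dests                      # second-level category rejection
    if spam_global and cat_not:              # the two general log paths
        dests += ["/var/log/messages", "/dev/tty12"]
    return sorted(dests)

# Constructed sample messages, except the audit line quoted in the config comment.
SAMPLES = [
    ("kernel", "type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501"),
    ("sudo", "pam_unix(sudo:session): session opened for user root"),
    ("crond", "(root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)"),
    ("sshd", "Accepted publickey for alice from 192.0.2.10 port 50022 ssh2"),
    ("sudo", "alice : USER=root ; COMMAND=/usr/bin/equery list portage"),
]

if __name__ == "__main__":
    for program, message in SAMPLES:
        print(f"{program:8} -> {route(program, message) or 'dropped'}")
```

The last sample lands in the portage file even though spam-sudo matches it, because the category log paths apply only their cat-* filter and not spam-global.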


