Re: filling my logs after upgrade to woody
On Sun, Jun 09, 2002 at 02:51:02PM -0700, Bill Wohler wrote: Keith Robinson [EMAIL PROTECTED] writes: On Sat, Jun 08, 2002 at 01:42:28PM -0700, Bill Wohler wrote: Keith Robinson [EMAIL PROTECTED] writes: Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy. Not a problem, just PAM reporting setuid calls. Cheers for the response. Any way of redirecting this output to a different log, or is it just something that I'll have to work around when surveying the logs? The answer is most likely yes, although I'd have to dig through the syslog and PAM man pages to find the spells to throw into the witches' pot, namely syslog.conf. However, you probably really don't want to do that. That information might be useful in the case of a security breach. As you mention, ignoring the messages until you do need them is a reasonable approach. Indeed, this is what I do in my logcheck filters. Yes, I think this is probably the best response. It had crossed my mind to filter the logs with a small perl script, but, as you say, this information won't then be available to me should I need to refer to it. So I'll just read around it. Thanks for your responses, Bill. Most appreciated. Keith -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: filling my logs after upgrade to woody
Keith Robinson [EMAIL PROTECTED] writes: On Sat, Jun 08, 2002 at 01:42:28PM -0700, Bill Wohler wrote: Keith Robinson [EMAIL PROTECTED] writes: Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy. Not a problem, just PAM reporting setuid calls. Cheers for the response. Any way of redirecting this output to a different log, or is it just something that I'll have to work around when surveying the logs? The answer is most likely yes, although I'd have to dig through the syslog and PAM man pages to find the spells to throw into the witches' pot, namely syslog.conf. However, you probably really don't want to do that. That information might be useful in the case of a security breach. As you mention, ignoring the messages until you do need them is a reasonable approach. Indeed, this is what I do in my logcheck filters. -- Bill Wohler [EMAIL PROTECTED] http://www.newt.com/wohler/ GnuPG ID:610BD9AD Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian! If you're passed on the right, you're in the wrong lane. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
filling my logs after upgrade to woody
Hi, Since upgrading my Potato box to woody, /etc/auth.log is full of the following: Jun 8 20:30:01 harvey PAM_unix[10313]: (cron) session opened for user root by (uid=0) Jun 8 20:30:01 harvey PAM_unix[10313]: (cron) session closed for user root Jun 8 20:38:01 harvey PAM_unix[10326]: (cron) session opened for user mail by (uid=0) Jun 8 20:38:01 harvey PAM_unix[10326]: (cron) session closed for user mail Jun 8 20:40:01 harvey PAM_unix[10338]: (cron) session opened for user root by (uid=0) Jun 8 20:40:01 harvey PAM_unix[10338]: (cron) session closed for user root Jun 8 20:50:01 harvey PAM_unix[10367]: (cron) session opened for user root by (uid=0) Jun 8 20:50:01 harvey PAM_unix[10367]: (cron) session closed for user root Jun 8 20:53:01 harvey PAM_unix[10369]: (cron) session opened for user mail by (uid=0) Jun 8 20:53:01 harvey PAM_unix[10369]: (cron) session closed for user mail Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session opened for user root by (uid=0) Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy. Any help would be appreciated. Thanks in advance. Keith -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: filling my logs after upgrade to woody
Keith Robinson [EMAIL PROTECTED] writes: Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy. Not a problem, just PAM reporting setuid calls. -- Bill Wohler [EMAIL PROTECTED] http://www.newt.com/wohler/ GnuPG ID:610BD9AD Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian! If you're passed on the right, you're in the wrong lane. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: filling my logs after upgrade to woody
On Sat, Jun 08, 2002 at 01:42:28PM -0700, Bill Wohler wrote: Keith Robinson [EMAIL PROTECTED] writes: Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy. Not a problem, just PAM reporting setuid calls. Cheers for the response. Any way of redirecting this output to a different log, or is it just something that I'll have to work around when surveying the logs? Keith -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]