|
cron:session flood my auth.log
Hi folks, first of all i am sorry about my English.
I am running Apache 2 mod php5, it uses a cron job for cleaning sessions, ok. Also, Debian uses another one. CRON[x]: pam_unix(cron:session): session opened for user root by (uid=0), flood my auth.log I want to keep this pam-cron logs, but not in auth.log, i tried to making an rsyslog.d rule, but it does not work: # vi auth-cron.conf if $syslogfacility-text == 'auth' \ and $msg contains 'CRON*' then -/var/log/auth-cron.log if $syslogfacility-text == 'authpriv' \ and $msg contains 'CRON*' then -/var/log/auth-cron2.log & ~ I am very bad with scripting, and much more bad with rsyslog scripting... Any help? Thanks |
Rsyslog comes with way more options than stock syslogd and I'm sure I haven't tried all options so YMMV(VM). "cron" is a facility ('man 3 syslog') so I'd say either:
Code:
cron.* /var/log/cron # you should already have this line.Code:
cron.* /var/log/cron # you should already have this line. |
Dec 3 15:17:01 xxx CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
it does not work, but thank you for your reply. Maybe it is a auth facility? because it is pam module, who logs cron sessions? i don't know... |
Quote:
Quote:
|
| All times are GMT -5. The time now is 09:29 PM. |