LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   the significance and name of the 5th column of /var/log/auth.log (ubuntu server)? (http://www.linuxquestions.org/questions/linux-security-4/the-significance-and-name-of-the-5th-column-of-var-log-auth-log-ubuntu-server-702283/)

CoffeeKing!!! 02-04-2009 12:01 PM

the significance and name of the 5th column of /var/log/auth.log (ubuntu server)?
 
What is the significance and name of the 5th column of /var/log/auth.log of my ubuntu server?

When I:
Code:

cat /var/log/auth.log | awk {'print $5'}
I get:
Code:

CRON[5966]:
CRON[5979]:
CRON[5979]:
CRON[6046]:
CRON[6046]:
CRON[6082]:
CRON[6082]:
CRON[6149]:
CRON[6149]:
sshd[6216]:
sshd[6216]:

and so on. What are these cron jobs running and what does the number next to them mean?

CoffeeKing!!! 02-04-2009 12:11 PM

The crons must be tcp keep alives?
 
Code:

cat /var/log/auth.log | awk {'print $3" ", $5'}
Code:

13:10:01  CRON[5979]:
13:10:02  CRON[5979]:
13:17:01  CRON[6046]:
13:17:01  CRON[6046]:
13:20:01  CRON[6082]:
13:20:02  CRON[6082]:
13:30:01  CRON[6149]:
13:30:02  CRON[6149]:
13:33:32  sshd[6216]:
13:33:32  sshd[6216]:
13:39:01  CRON[6266]:

Can someone tell me more? What is pam_unix doing every ten minutes!!!???
Code:

crontab -u root -l
shows no crontab for root!!!


edit :
Code:

cat /var/log/auth.log
Code:

Feb  4 13:39:01 server CRON[6266]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:39:01 server CRON[6266]: pam_unix(cron:session): session closed for user root
Feb  4 13:40:01 server CRON[6307]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:40:02 server CRON[6307]: pam_unix(cron:session): session closed for user root
Feb  4 13:50:01 server CRON[6423]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 13:50:02 server CRON[6423]: pam_unix(cron:session): session closed for user root
Feb  4 14:00:01 server CRON[6513]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 14:00:02 server CRON[6513]: pam_unix(cron:session): session closed for user root
Feb  4 14:09:01 server CRON[6660]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  4 14:09:01 server CRON[6660]: pam_unix(cron:session): session closed for user root
Feb  4 14:10:01 server CRON[6695]: pam_unix(cron:session): session opened for user root by (uid=0)


CoffeeKing!!! 02-04-2009 09:48 PM

please erase this thread admin...
 
I've refined my question

slimm609 02-04-2009 10:09 PM

Please close the thread as it is a duplicate and has already been answered here
http://www.linuxquestions.org/questi...th.log-702381/

win32sux 02-05-2009 07:32 AM

This thread is a duplicate and has been closed.


All times are GMT -5. The time now is 11:16 PM.