anyone know where these are coming from?
Hi all, My system is running fedora core 3. My /var/log/messages gets full of these: Feb 20 00:10:03 quadzilla crond(pam_unix)[29549]: session closed for user root for every cron job that runs. However these aren't cron messages, because anything from cron goes into a separate log. I'm wondering if anyone knows a way to filter these without using a match rule, or how it's possible to determine what program is sending these messages? thanks -Mike
These are pam-authentication module messages . __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
I wonder what facility makes those log entries. Shouldn't they be part of "auth"? Abkhan wrote:
These are pam-authentication module messages .
__________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
I created rules in the config file: filter f_cron_pam { match("crond(pam_unix)"); }; log { source(s_sys); filter(f_cron_pam); \ destination(d_auth); flags(final); }; And yet, these messages still go into /var/log/messages! Why? Weird! If I make a logger test message, like logger "crond(pam_unix) test" they go into /var/log/messages. Maybe my match is wrong? Do I need to escape some of the characters perhaps? Abkhan wrote:
These are pam-authentication module messages .
__________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (2)
-
Abkhan
-
Mike Pepe