Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Cron message every 10 minutes in /var/log/message...
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
dj_farid
l33t
l33t


Joined: 14 Jun 2004
Posts: 613

PostPosted: Sat Oct 16, 2004 5:30 pm    Post subject: Cron message every 10 minutes in /var/log/message... Reply with quote

Is it really necessary to have these in the log?

Quote:
Oct 16 18:50:00 gen2 CRON[8411]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Oct 16 19:00:00 gen2 CRON[8425]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Oct 16 19:00:00 gen2 CRON[8428]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)


That's prettymuch everything I have in my log. Is it really necessary to log all this cron activity? Just wondering.
Back to top
View user's profile Send private message
firephoto
Veteran
Veteran


Joined: 29 Oct 2003
Posts: 1593
Location: +48° 5' 23.40", -119° 48' 30.00"

PostPosted: Sat Oct 16, 2004 5:49 pm    Post subject: Reply with quote

Not sure if you're using syslog-ng but if you are you can put this at the end of your /etc/syslog-ng/syslog-ng.conf

Code:

filter f_not_cron_test { not facility(cron) or not match("test"); };
log { source(src); filter(f_not_cron_test); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(console_all); };

One/some of those lines might already be there, but you'll figure it out.
Back to top
View user's profile Send private message
dj_farid
l33t
l33t


Joined: 14 Jun 2004
Posts: 613

PostPosted: Sat Oct 16, 2004 10:41 pm    Post subject: Reply with quote

Thanks! Yes it is syslog-ng that I have.
I added those lines. Now it's just to wait and see if those lines disappeared.
I thought that the way to do that right was to do something in cron, so that it is not reporting to syslog-ng. I wasn't thinking of just filtering the messages in syslog...

Oh there it is again. Do I have to restart syslog-ng after changing the conf-file?
Back to top
View user's profile Send private message
firephoto
Veteran
Veteran


Joined: 29 Oct 2003
Posts: 1593
Location: +48° 5' 23.40", -119° 48' 30.00"

PostPosted: Sat Oct 16, 2004 11:30 pm    Post subject: Reply with quote

I think you do have to restart it most likely.

I had the same problem when I switched loggers, I had a big log file full of cron tests.
Back to top
View user's profile Send private message
dj_farid
l33t
l33t


Joined: 14 Jun 2004
Posts: 613

PostPosted: Sat Oct 16, 2004 11:39 pm    Post subject: Reply with quote

I restarted it but I still get those messages every 10 minutes...
This is my /etc/syslog-ng/syslog-ng.conf:
Quote:

options {
long_hostnames(off);
sync(0);


stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };

destination console_all { file("/dev/tty12"); };
/dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

filter f_not_cron_test { not facility(cron) or not match("test"); };
log { source(src); filter(f_not_cron_test); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(console_all); };



Quote:

Oct 17 01:26:42 gen2 syslog-ng[4947]: new configuration initialized
Oct 17 01:26:42 gen2 syslog-ng[4947]: Changing permissions on special file /dev/tty12
Oct 17 01:26:42 gen2 syslog-ng[4947]: Changing permissions on special file /dev/tty12
Oct 17 01:26:42 gen2 syslog-ng[4947]: new configuration initialized
Oct 17 01:26:41 gen2 syslog-ng[4947]: SIGHUP received, restarting syslog-ng
Oct 17 01:30:00 gen2 CRON[9445]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )


As you can see the testline is still there after the restart...
Back to top
View user's profile Send private message
firephoto
Veteran
Veteran


Joined: 29 Oct 2003
Posts: 1593
Location: +48° 5' 23.40", -119° 48' 30.00"

PostPosted: Sat Oct 16, 2004 11:54 pm    Post subject: Reply with quote

dj_farid wrote:
I restarted it but I still get those messages every 10 minutes...
This is my /etc/syslog-ng/syslog-ng.conf:
Code:

log { source(src); destination(messages); };
log { source(src); destination(console_all); };



Lose those two lines and you should be good.
Back to top
View user's profile Send private message
dj_farid
l33t
l33t


Joined: 14 Jun 2004
Posts: 613

PostPosted: Sun Oct 17, 2004 12:34 am    Post subject: Reply with quote

Great! Thanks!
Back to top
View user's profile Send private message
stdPikachu
Apprentice
Apprentice


Joined: 10 Mar 2004
Posts: 254
Location: UK

PostPosted: Fri Jun 22, 2007 2:04 pm    Post subject: Reply with quote

I'm still trying to get my head around all of this.

I've already set up a filter to have my cron output redirected to /var/log/cron.log; how do I stop the useless test -x messages being logged along with it? Is it just a matter of creating a new destination (i.e. /dev/null) and setting up a filter that greps for cron test messages? I think my problem is that I see the syntax as back-asswards; "filter not facility cron" reads to me like it's filtering everything that isn't cron.
Code:
prospero ~ # cat /etc/syslog-ng/syslog-ng.conf
# /etc/syslog-ng/syslog-ng.conf
# From the Gentoo Linux Security Guide
# http://www.gentoo.org/doc/en/gentoo-security.xml
# Creative Commons - Attribution / Share Alike License
# http://creativecommons.org/licenses/by-sa/2.0

options { long_hostnames(off); sync(0); stats(21600);};

#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };

#define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
# Should be maillog (Without dot) as it was the default on logwatch
destination mail { file("/var/log/maillog"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
destination ldap { file("/var/log/ldap/slapd.log"); };

#create filters
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };
filter f_ldap { program("slapd"); };
# Filter for stupid cron output
filter f_cron_notest { not facility(cron) or not match("test"); };

#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_ldap); destination(ldap); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

#default log
log { source(src); destination(console_all); };
Back to top
View user's profile Send private message
timeBandit
Bodhisattva
Bodhisattva


Joined: 31 Dec 2004
Posts: 2673
Location: here, there or in transit

PostPosted: Fri Jun 22, 2007 2:19 pm    Post subject: Reply with quote

stdPikachu wrote:
I think my problem is that I see the syntax as back-asswards; "filter not facility cron" reads to me like it's filtering everything that isn't cron.

That's exactly what it's doing. :wink:

You just need to reverse your sense of "filter" in this context: filter in not filter out. The filters in syslog-ng define messages you want to accept, not ones you want to reject. So "not facility cron" accepts every message except those from the cron facility.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.
Back to top
View user's profile Send private message
stdPikachu
Apprentice
Apprentice


Joined: 10 Mar 2004
Posts: 254
Location: UK

PostPosted: Tue Jul 03, 2007 1:02 pm    Post subject: Reply with quote

Doesn't that mean that if I leave these filter entries out entirely I will, by default, not log these bloody annoying cron messages? Obviously that doesn't work, but I'm failing to see how to refuse these messages with my syslog-ng setup.

I'm just about to try a "destination null { file("/dev/null"); };" to see if that'll make any difference. In the meantime, is there any reason that this cron job can't be deleted entirely from /etc/crontab? As far as I can tell all it's doing is checking that run-crons is executable; won't this always be the case?
Back to top
View user's profile Send private message
think4urs11
Administrator
Administrator


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

PostPosted: Tue Jul 03, 2007 7:55 pm    Post subject: Reply with quote

stdPikachu wrote:
Doesn't that mean that if I leave these filter entries out entirely I will, by default, not log these bloody annoying cron messages? Obviously that doesn't work, but I'm failing to see how to refuse these messages with my syslog-ng setup.

As long as you do not use a filter statement in your log lines think of a implicit filter like 'match everything'.

For everything else it works like

Example1: Starting with the easy one
Code:
destination test { file("/var/log/testlog"); };
filter f_test { match("foo") or match("bar"); };
log { source(src); filter(f_test); destination(test); };

logger foo - will be logged
logged bar - will be logged
logger foo bar - will be logged

pretty easy and obvious, isn't it? Ok then, lets go on

Example2: the filter line is changed to
Code:
filter like filter f_test { match("foo") or not match("bar"); };

logger foo - will be logged
logged bar - will _not_ be logged
logger foo bar - will be logged

Expected that? Ok, annother one

example3: the filter is again changed, now to read as
Code:
filter f_test { not match("foo") or not match("bar"); };

logger foo - will be logged
logged bar - will be logged
logger foo bar - will _not_ be logged

In your case what you want is
a) all messages with facility cron in the file /var/log/cron.log
b) _not_ log messages with facility cron _and_ matching the filter 'test', all others should still be logged

would give a setup like
Code:
destination test { file("/var/log/testlog"); };
filter f_test { match("foo"); };
filter f_test2 { not match("bar"); };
log { source(src); filter(f_test); filter(f_test2); destination(test); };

logger foo - will be logged
logged bar - will _not_ be logged
logger foo bar - will _not_ be logged
logger foo something - will be logged
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum