HOWTO vixie-cron notes

From Research
Revision as of 19:17, 8 February 2008 by Gordp (talk | contribs)

On a hardened Gentoo machine, the main /var/log/messages file becomes hugely cluttered with the minute-by-minute cron messages. They are far too verbose :-( Cut down on the clutter by editing /etc/syslog-ng/syslog-ng.conf and adding cron to the facilities excluded by the f_messages filter (the red/bold change on the original page):

hostname ~ # emacs -nw /etc/syslog-ng/syslog-ng.conf
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
#filter f_ppp { facility(ppp); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news, cron); };
filter f_emergency { level(emerg); };

Minute-by-minute cron messages are still logged, but only to /var/log/cron.log, not the main /var/log/messages file. Sanity is restored :-)
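
To check which of the filters above a given facility/level pair matches, before and after the change, here is a small evaluator. It is an added example, not part of the original page. It handles only the filter syntax used above (facility(), level(), not, and), and f_messages_old is a constructed copy of f_messages without cron.

```python
import re

# syslog severities from least to most severe, using the names on the page.
LEVELS = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

# Filters copied from the page. f_messages_old is constructed here: the same
# filter without the added "cron", for a before/after comparison.
CONF = """
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
#filter f_ppp { facility(ppp); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages_old { level(info..warn)
        and not facility(auth, authpriv, mail, news); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news, cron); };
filter f_emergency { level(emerg); };
"""

def parse_filters(conf):
    """Return {name: expression} for every 'filter NAME { EXPR; };' statement."""
    conf = re.sub(r"#.*", "", conf)  # drop commented-out lines
    found = re.findall(r"filter\s+(\w+)\s*\{(.*?);\s*\};", conf, re.S)
    return {name: " ".join(body.split()) for name, body in found}

def term_matches(term, facility, level):
    """Evaluate one '[not] facility(a, b)' or '[not] level(lo..hi)' term."""
    negate = term.startswith("not ")
    kind, args = re.fullmatch(r"(?:not )?(facility|level)\((.*)\)", term).groups()
    if kind == "facility":
        hit = facility in [a.strip() for a in args.split(",")]
    else:
        lo, _, hi = args.partition("..")  # level(emerg) has no upper bound
        hit = LEVELS.index(lo) <= LEVELS.index(level) <= LEVELS.index(hi or lo)
    return hit != negate

def matching_filters(facility, level, conf=CONF):
    """Names of all filters that a message with this facility/level passes."""
    return sorted(name for name, expr in parse_filters(conf).items()
                  if all(term_matches(t, facility, level)
                         for t in expr.split(" and ")))

if __name__ == "__main__":
    for fac, lvl in [("cron", "info"), ("cron", "err"), ("daemon", "notice")]:
        print(f"{fac}.{lvl}: {', '.join(matching_filters(fac, lvl))}")
```

Note that cron.info still passes f_syslog and f_debug as written above, so any log statement that uses those filters keeps receiving the cron lines.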


For reference, here are a number of example syslog-ng.conf files:

Typical hardened syslog-ng.conf

Typical workstation syslog-ng.conf