On Sat, Feb 26, 2005 at 12:33:42AM -0600, Jess Anderson wrote: > Here's the substance: > In /etc/syslog.conf, there's a line that reads > *.info;mail.none;authpriv.none;cron.none /var/log/messages > Changing that to > *.info;auth.none;mail.none;authpriv.none;cron.none /var/log/messages > and restarting syslogd (kill -SIGHUP <pid of running syslogd>) > stops logging of the crond(pam_unix) items to syslog. > Ian mentions that this may also stop important auth messages, > in which case changing the priority level might be necessary. Yes. You're covering up the symptom (auth messages are being logged) without solving the problem (cron/pam generating too many auth messages which aren't very interesting). Meanwhile, since by definition auth messages are some of the most important security events, you've significantly decreased the value of your logs. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>
