I did not get any suggestions as to how to suppress these messages, so I am rephrasing my question. To Those who know syslog well: I upgraded from FC4 -> FC6 via CD's in upgrade mode and now I am getting lots of cron entries in /var/log/secure. Comparisons between the FC4 /etc/syslog.conf file and the current copy show it was not updated. These crond:session messages are not useful to me and they can obscure real security messages. I see lots of entries like the following: Dec 6 13:04:01 styma8 crond[29897]: pam_unix(crond:session): session opened for user root by (uid=0) Dec 6 13:04:02 styma8 crond[29897]: pam_unix(crond:session): session closed for user root Dec 6 13:05:01 styma8 crond[29913]: pam_unix(crond:session): session opened for user root by (uid=0) Dec 6 13:05:02 styma8 crond[29913]: pam_unix(crond:session): session closed for user root My /etc/syslog.conf file is pretty simple (see below). The only thing I am directing to /var/log/secure is authpriv.* which I believe is the default. I would prefer to send these cron messages to either /var/log/cron or the bit bucket. This leaves /var/log/secure more uncluttered. Can someone suggest a change to /etc/syslog.conf which would affect the change I want? Thank you for your time. Bob Styma #----- /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log auth.=info /var/log/cron
