On 08Dec2006 09:51, Styma, Robert E (Robert) <stymar@xxxxxxxxxxxxxxxxxx> wrote: | I upgraded from FC4 -> FC6 via CD's in upgrade | mode and now I am getting lots of cron entries | in /var/log/secure. Comparisons between the FC4 | /etc/syslog.conf file and the current copy show | it was not updated. These crond:session messages are | not useful to me and they can obscure real security messages. | | I see lots of entries like the following: | Dec 6 13:04:01 styma8 crond[29897]: pam_unix(crond:session): | session opened for user root by (uid=0) [...] | My /etc/syslog.conf file is pretty simple (see below). The only thing | I am directing to /var/log/secure is authpriv.* which I believe is the | default. I would prefer to send these cron messages to | either /var/log/cron | or the bit bucket. This leaves /var/log/secure more uncluttered. | | Can someone suggest a change to /etc/syslog.conf which would | affect the | change I want? Thank you for your time. [...] | # The authpriv file has restricted access. | authpriv.* /var/log/secure [...] | # Log cron stuff | cron.* /var/log/cron Do the messages appear in /var/log/cron also? If so, does changing the authpriv line like this: authpriv.*;cron.none /var/log/secure do anything useful? -- Cameron Simpson <cs@xxxxxxxxxx> DoD#743 http://www.cskk.ezoshosting.com/cs/ You wouldn't... ...but you KNOW you could. - Original V65 Commercial