Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
Kirk
On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote:
Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
Kirk
Man I am glad you posted this, guess I will be staying on 4.1 for a while :-)
Ted
Well, Ted, it's not really that bad. A little RTFM (or release notes in this case) and it was fixed. All I had to do was start the auditd user-space tools and the messages are logged to /var/log/audit/audit.log. All I wanted was to get them out of /var/log/messages and the ring buffer.
Kirk
Ted Kaczmarek wrote:
On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote:
Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
Kirk
Man I am glad you posted this, guess I will be staying on 4.1 for a while :-)
Ted
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Kirk Bocek napisał(a):
Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
I have exactly the same problem. I've solved this by change in syslog.conf to look like: *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages and adding this line auth.info /var/log/cron.auth
It solved my problem byt its temporally, dont know what to do exactly to stop it.
Kirk Bocek napisał(a):
Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
I have exactly the same problem. I've solved this by change in syslog.conf to look like: *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages and adding this line auth.info /var/log/cron.auth
It solved my problem byt its temporally, dont know what to do exactly to stop it.
Marcin, that's actually a different problem having to do with (I believe) logging by a PAM module. This seems to be a feature of SELinux. I solved the problem by turning on the auditd daemon which causes the messages to be sent to /var/log/audit/audit.log.
Kirk
Marcin Godlewski wrote:
Kirk Bocek napisał(a):
Since updating to 4.2 my Opteron server has been flooded by messages like:
audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server.
Does anyone know how to turn these messages off or to redirect them?
I have exactly the same problem. I've solved this by change in syslog.conf to look like: *.info;mail.none;authpriv.none;cron.none;auth.!=info /var/log/messages and adding this line auth.info /var/log/cron.auth
It solved my problem byt its temporally, dont know what to do exactly to stop it.
-
Kirk Bocek -
Marcin Godlewski -
Marcin Godlewski -
Ted Kaczmarek