Hi,
I've installed CentOS-4 4 days ago.
Now, every 5 minutes, crond opens and close a root session, with no other info. Example:
Apr 14 16:25:01 tux crond(pam_unix)[4031]: session opened for user root by (uid=0) Apr 14 16:25:02 tux crond(pam_unix)[4031]: session closed for user root
Every five minutes the same thing.
I have nothing in /etc/crontab that makes such a thing.
Does anyone knows why is this happening and what is crond doing ?
Any help would be apreciated.
/etc/crontab: -------------------- [root@tux cron.daily]# cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/
# run-parts 01 * * * * root run-parts /etc/cron.hourly 02 4 * * * root run-parts /etc/cron.daily 22 4 * * 0 root run-parts /etc/cron.weekly 42 4 1 * * root run-parts /etc/cron.monthly 00 3 * * 5 root /usr/local/bin/backup [root@tux cron.daily]# --------------------------------------------
Warm Regards, Mário Gamito
Hi,
Look at /etc/cron.d !!
I think it can help you!
Mário Gamito escreveu:
Hi,
I've installed CentOS-4 4 days ago.
Now, every 5 minutes, crond opens and close a root session, with no other info. Example:
Apr 14 16:25:01 tux crond(pam_unix)[4031]: session opened for user root by (uid=0) Apr 14 16:25:02 tux crond(pam_unix)[4031]: session closed for user root
Every five minutes the same thing.
I have nothing in /etc/crontab that makes such a thing.
Does anyone knows why is this happening and what is crond doing ?
Any help would be apreciated.
/etc/crontab:
[root@tux cron.daily]# cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/
# run-parts 01 * * * * root run-parts /etc/cron.hourly 02 4 * * * root run-parts /etc/cron.daily 22 4 * * 0 root run-parts /etc/cron.weekly 42 4 1 * * root run-parts /etc/cron.monthly 00 3 * * 5 root /usr/local/bin/backup [root@tux cron.daily]#
Warm Regards, Mário Gamito
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, April 14, 2005 8:11 am, Marcelo Renan Becher said:
Hi,
Look at /etc/cron.d !!
I think it can help you!
Right ... probably mrtg or something else is /etc/cron.d/ running every five minutes.
BUT, the real problem is that the message should probably go somewhere else ... or not be logged at all.
really... I`ve found other thing that is doing that /var/log/messages is staying bigger..
I installed the sysstats module in webmin, and this runs each minute... Each time sysstats runs, a new event appears in /var/log/messages..
Can I disable this?
I was using this module in Conectiva Linux, and this don't happens..
Tks,
Johnny Hughes escreveu:
On Thu, April 14, 2005 8:11 am, Marcelo Renan Becher said:
Hi,
Look at /etc/cron.d !!
I think it can help you!
Right ... probably mrtg or something else is /etc/cron.d/ running every five minutes.
BUT, the real problem is that the message should probably go somewhere else ... or not be logged at all.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi,
Johnny Hughes wrote:
On Thu, April 14, 2005 8:11 am, Marcelo Renan Becher said:
Hi,
Look at /etc/cron.d !!
I think it can help you!
Right ... probably mrtg or something else is /etc/cron.d/ running every five minutes.
Yes, it mrtg. Anyway, strange thing this is.
Warm Regards, Mário Gamito
BUT, the real problem is that the message should probably go somewhere else ... or not be logged at all.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Am Do, den 14.04.2005 schrieb Mário Gamito um 20:13:
Right ... probably mrtg or something else is /etc/cron.d/ running every five minutes.
Yes, it mrtg. Anyway, strange thing this is.
Mário Gamito
It is not strange. vixiecron has PAM auth since version 4 and that is logged.
Alexander
On Thu, April 14, 2005 10:52 am, Mário Gamito said:
Hi,
I've installed CentOS-4 4 days ago.
Now, every 5 minutes, crond opens and close a root session, with no other info. Example:
Apr 14 16:25:01 tux crond(pam_unix)[4031]: session opened for user root by (uid=0) Apr 14 16:25:02 tux crond(pam_unix)[4031]: session closed for user root
Every five minutes the same thing.
I have nothing in /etc/crontab that makes such a thing.
Does anyone knows why is this happening and what is crond doing ?
Any help would be apreciated.
/etc/crontab:
[root@tux cron.daily]# cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/
# run-parts 01 * * * * root run-parts /etc/cron.hourly 02 4 * * * root run-parts /etc/cron.daily 22 4 * * 0 root run-parts /etc/cron.weekly 42 4 1 * * root run-parts /etc/cron.monthly 00 3 * * 5 root /usr/local/bin/backup [root@tux cron.daily]#
Believe it or not, this is a normal thing. Crond logs in as root at least every 5 minutes. The way the system is setup by default, that will cause a log entry.
https://www.redhat.com/archives/fedora-list/2005-February/msg06858.html
https://www.redhat.com/archives/fedora-list/2005-February/msg06867.html
It needs to fixed (in my opinion) ... I'll see what I can figure out.
You can at least strip this out to another file, so you can get it out of /var/log/messages and somewhere else.
Edit the file /etc/syslog.conf and find the line:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Change it to:
*.info;auth.none;mail.none;authpriv.none;cron.none /var/log/messages
then add these lines:
# Strip out auth info auth.* /var/log/auth
Save the file....
This will make it so that there is a seperate file that is /var/log/auth .. which will contain all auth log info
Next, you need to make sure that log file ( /var/log/auth ) is rotated like all the other syslog logs. Edit the file /etc/logrotate.d/syslog and add /var/log/auth to the top line and save the file.
Now restart syslog with the command:
/etc/init.d/syslog restart
Hi Johnny,
Thank you for your precious tip.
Warm Regards, Mário Gamito
Johnny Hughes wrote:
You can at least strip this out to another file, so you can get it out of /var/log/messages and somewhere else.
Edit the file /etc/syslog.conf and find the line:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Change it to:
*.info;auth.none;mail.none;authpriv.none;cron.none /var/log/messages
then add these lines:
# Strip out auth info auth.* /var/log/auth
Save the file....
This will make it so that there is a seperate file that is /var/log/auth .. which will contain all auth log info
Next, you need to make sure that log file ( /var/log/auth ) is rotated like all the other syslog logs. Edit the file /etc/logrotate.d/syslog and add /var/log/auth to the top line and save the file.
Now restart syslog with the command:
/etc/init.d/syslog restart
-
Alexander Dalloz -
Johnny Hughes -
Marcelo Renan Becher -
Mário Gamito