On a modern debian system (and other linuxes as well), the cron daemon is PAM-enabled, which is probably a good thing. One downside is that you get your /var/log/auth.log
full of messages like:
Sep 11 11:15:01 otto CRON[8755]: pam_unix(cron:session): session opened for user jojo by (uid=0) Sep 11 11:15:01 otto CRON[8755]: pam_unix(cron:session): session closed for user jojo
I think these are pretty useless and make it harder to find real authentication related entries in auth.log
, especially if you get them every five minutes. Luckily, the fix is pretty simple: Just edit /etc/pam.d/cron
and comment out the line @include common-session
, as that only calls pam_unix.so
which in turn, for session management, does nothing but logging anyways.
To further separate the cron logs, you can remove these entries to syslog:
Sep 11 07:17:01 quimby /USR/SBIN/CRON[7949]: (root) CMD ( run-parts --report /etc/cron.hourly)
by configuring /etc/syslog.conf
to move them to a logfile on its own:
*.*;auth,authpriv,cron.none -/var/log/syslog cron.* -/var/log/cron.log
Have something to say? You can post a comment by sending an e-Mail to me at <mail@joachim-breitner.de>, and I will include it here.
thanks!