Re: filling my logs after upgrade to woody
On Sun, Jun 09, 2002 at 02:51:02PM -0700, Bill Wohler wrote:
> Keith Robinson <kar@foomonster.co.uk> writes:
> > On Sat, Jun 08, 2002 at 01:42:28PM -0700, Bill Wohler wrote:
> > > Keith Robinson <kar@foomonster.co.uk> writes:
> > > > Jun 8 21:00:01 harvey PAM_unix[10392]: (cron) session closed for user root
> > > >
> > > > This is really annoying when I'm checking the logs. I've had a look for the problem, but came up emtpy.
> > >
> > > Not a problem, just PAM reporting setuid calls.
> > >
> >
> > Cheers for the response. Any way of redirecting this output to a different log, or is it just something that I'll have to work around when surveying the logs?
>
> The answer is most likely yes, although I'd have to dig through the
> syslog and PAM man pages to find the spells to throw into the witches'
> pot, namely syslog.conf.
>
> However, you probably really don't want to do that. That information
> might be useful in the case of a security breach. As you mention,
> ignoring the messages until you do need them is a reasonable approach.
> Indeed, this is what I do in my logcheck filters.
>
Yes, I think this is probably the best response. It had crossed my mind to filter the logs with a small perl script, but, as you say, this information won't then be available to me should I need to refer to it. So I'll just read around it.
Thanks for your responses, Bill. Most appreciated.
Keith
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: