Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: Recommend cronie instead of vixie-cron in handbook?
Date: Fri, 27 Dec 2013 06:57:27
Message-Id: pan$6fdf3$b0753229$2758184c$95001124@cox.net
In Reply to: Re: [gentoo-dev] Re: Recommend cronie instead of vixie-cron in handbook? by Daniel Campbell
Daniel Campbell posted on Thu, 26 Dec 2013 22:02:31 -0600 as excerpted:

> On 12/25/2013 08:43 AM, Duncan wrote:
>>
>> I [replaced vixie-cron with cronie] too, a few days ago.
>>
>> TL;DR: Drop-in but for the log-spamming. =:^(
>>
>> While cronie itself was simple and drop-in for vixie-cron, it DID start
>> rather severely log-spamming, IIRC four log-lines every 10 minutes when
>> the run-crons ran.

> Could you share the lines that provided the filtering? I'm sure it would
> help others. Your e-mail led me to check my logs to see if I have the
> same, but I don't know where to look.

I think I mentioned that I'm using syslog-ng here. ~arch, so version
3.4.6. Stable 3.4.2 should be similar but it may not be identical.

I had started to post a big long explanation, but then decided simply
posting my entire syslog-ng.conf file with a shorter explanation would be
better. There's nothing really private in it.

The way I handle filters is to set up the original message-selecting
filters first, then combine them with AND NOT as appropriate in a
second-level message-rejecting filter. I have two sets of filters, thus two
second level filters into which the others feed, the spam filters and the
category filters.

The category filters are set up to select a particular category of
messages; for instance, all messages from cron. The category selecting
filter is then used in a log section, to route the selected messages to a
particular file. The second level rejecting filter is in turn used to
filter out all the categorized messages from the log stream going to the
generic messages file, so it doesn't get the categorized messages and is
thus less noisy, making it easier to process what /does/ come thru.

The spam filters are set up similarly, with individual selection filters
and a single second level rejection filter, except I don't want to log
those messages at all, so the only thing the selection filters are used
for is to feed into the rejection filter. Still, that seemed the simplest
and most logical way to handle it, to me.

Set up that way, the log sections stay short and simple, not the hairball
of individual selection and rejection filters they could become otherwise.

OK, the file is included inline after my sig, below... (Since I
use pan for my lists via nntp://news.gmane.org, and pan normally yencodes
attachments for USENET posting while most mail clients don't handle yenc,
I won't try attaching the file that way as it'd come thru as gibberish to
most. I could inline UUE it, but as it's text anyway, I'll post it inline
with auto-wrapping off and hope it doesn't get mangled.)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman


@version: 3.4
@include "scl.conf"
# /etc/syslog-ng/syslog-ng.conf
# JED: don't etc-update replace!

#################################################################################
######### Options: syslog-ng general options #########
#################################################################################

options {
    threaded(yes);
    stats_freq (43200);
    mark_freq (3600);
};


#################################################################################
######### Sources: where messages come from #########
#################################################################################

source src {
    system();
    internal();
};

#################################################################################
######### Destinations: where messages go #########
#################################################################################

# NOTE: Default destination output format template
# (admin guide section 11.1.2, templates and macros)

#template default {
#    (template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n");
#    template_escape(no);
#};

# ${MSGHDR} further defines to "PROGRAM[PID]: " (note trailing space),
# with a kernel MSGHDR obviously lacking [PID], so...

# final format is: ISODATE HOST PROGRAM[PID] MSG(=content)

###################################################

# global destinations

destination messages {
    file ("/var/log/messages");
};

destination log-tty {
    file ("/dev/tty12");
};

# for programs like xconsole using /dev/console...
#destination dev-console {
#    file ("/dev/console");
#};

###################################################

# categorized destinations

destination IPTables {
    file ("/var/log/iptables");
};

destination dhcpcd {
    file ("/var/log/dhcpcd");
};

destination cron {
    file ("/var/log/cron");
};

destination portage {
    file ("/var/log/portage-msg");
};

#################################################################################
######### Filters: which messages #########
#################################################################################

# log-spam pre-filters, combined in spam-global, below

# sudo has its own, better log, but pam_unix spams it to syslog too
filter spam-sudo {
    program ("sudo")
;};

# 2013.1217 kernel type=1006 (AUDIT_LOGIN) auditing enabled and logging
# on cron's 10-minute run-crons.
# kernel: type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501
# new auid=0 old ses=2 new ses=208 res=1
filter spam-audit {
    program ("kernel")
    and message ("type=1006 audit")
;};

#####################

# Combine all the log-spam filters into one

filter spam-global {
    not filter (spam-audit)
    and not filter (spam-sudo)
;};

###################################################

# Category filters

filter cat-IPTables {
    message ("IPTables:")
;};

filter cat-dhcpcd {
    program ("dhcpcd")
;};

filter cat-cron {
    program ("crond?" flags("ignore-case"))
;};

filter cat-portage {
    message (" portage")
;};

#####################

# /not/ the cat-filters above

filter cat-not {
    not filter (cat-IPTables)
    and not filter (cat-dhcpcd)
    and not filter (cat-cron)
    and not filter (cat-portage)
;};

#################################################################################
######### Logs: connect sources, filters, destinations #########
#################################################################################

# general case, minus the categorized, below

log {
    source (src);
    filter (spam-global);
    filter (cat-not);
    destination (messages);
};

log {
    source (src);
    filter (spam-global);
    filter (cat-not);
    destination (log-tty);
};

###################################################

# These categorize

log {
    source (src);
    filter (cat-IPTables);
    destination (IPTables);
};

log {
    source (src);
    filter (cat-cron);
    destination (cron);
};

log {
    source (src);
    filter (cat-dhcpcd);
    destination (dhcpcd);
};

log {
    source (src);
    filter (cat-portage);
    destination (portage);
};
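
Added example (not part of the original post or of the posted configuration): a Python model of the two-level filter tree in the syslog-ng.conf above, run over constructed sample lines to show which destinations each message reaches. It assumes program() and message() behave as unanchored regular-expression searches; HDR, prog(), msg(), route() and SAMPLES are hypothetical names.

```python
import re

# MSGHDR + MSG as the config comments describe it: "PROGRAM[PID]: MSG".
HDR = re.compile(r"^(?P<program>[^\[:\s]+)(?:\[\d+\])?: (?P<message>.*)$")

# Assumption: program() and message() are unanchored regex searches.
def prog(rx, flags=0):
    return lambda m: re.search(rx, m["program"], flags) is not None

def msg(rx):
    return lambda m: re.search(rx, m["message"]) is not None

# First-level selection filters, transcribed from the posted config.
SPAM = {
    "spam-sudo": prog("sudo"),
    "spam-audit": lambda m: prog("kernel")(m) and msg("type=1006 audit")(m),
}
CATEGORY = {  # keyed by destination name
    "IPTables": msg("IPTables:"),
    "dhcpcd": prog("dhcpcd"),
    "cron": prog("crond?", re.IGNORECASE),
    "portage": msg(" portage"),
}

def route(line):
    """Return the sorted destinations one 'PROGRAM[PID]: MSG' line reaches."""
    hit = HDR.match(line)
    m = hit.groupdict() if hit else {"program": "", "message": line}
    # Each category log path applies only its own cat-* filter.
    dests = {name for name, f in CATEGORY.items() if f(m)}
    # The two general log paths apply spam-global and then cat-not.
    spam_global = not any(f(m) for f in SPAM.values())
    if spam_global and not dests:
        dests |= {"messages", "log-tty"}
    return sorted(dests)

# Constructed sample lines; the audit record is the one quoted in the config.
SAMPLES = [
    "kernel: type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501 new auid=0 old ses=2 new ses=208 res=1",
    "sudo: pam_unix(sudo:session): session opened for user root by (uid=0)",
    "crond[5760]: (root) CMD (/usr/sbin/run-crons)",
    "anacron[99]: Job `cron.daily' started",
    "kernel: IPTables: IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.1 PROTO=TCP DPT=22",
    "sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(route(line) or "(not logged)", "<-", line[:50])
```

In this model the first two samples reach no destination at all, and spam-audit selects on the record type alone, so every type=1006 record is dropped rather than only those from the run-crons job. The unanchored cron pattern also routes anacron lines to the cron file.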