| 1 |
On 12/25/2013 08:43 AM, Duncan wrote: |
| 2 |
> Alice Ferrazzi posted on Wed, 25 Dec 2013 15:38:42 +0900 as excerpted: |
| 3 |
> |
| 4 |
>> On Sun, Dec 15, 2013 at 2:19 AM, Michael Orlitzky <mjo@g.o> |
| 5 |
>> wrote: |
| 6 |
>>> rc-update del vixie-cron default |
| 7 |
>>> /etc/init.d/vixie-cron stop |
| 8 |
>>> emerge -C vixie-cron |
| 9 |
>>> emerge cronie |
| 10 |
>>> rc-update add cronie default |
| 11 |
>>> /etc/init.d/cronie start |
| 12 |
>> |
| 13 |
>> I Just did the same, is simple and "drop-in" |
| 14 |
> |
| 15 |
> I did it too, a few days ago. |
| 16 |
> |
| 17 |
> TL;DR: Drop-in but for the log-spamming. =:^( |
| 18 |
> |
| 19 |
> While cronie itself was simple and drop-in for vixie-cron, it DID start |
| 20 |
> rather severely log-spamming, IIRC four log-lines every 10 minutes when |
| 21 |
> the run-crons ran. As a result, while the functionality was drop-in |
| 22 |
> replacement, for the system as a whole it wasn't purely a drop-in |
| 23 |
> replacement, as I had to adjust logging somewhat to kill the spamming. |
| 24 |
> |
| 25 |
> An update tweak to my syslog-ng.conf category-cron filter later, and I |
| 26 |
> was down to a single log entry in the general messages log every ten |
| 27 |
> minutes, the other three diverted to my separate cron log. |
| 28 |
> |
| 29 |
> The remaining one was an audit entry (type=1006) output by the kernel. |
| 30 |
> Of course I could filter that out or divert it to the cron log too, but |
| 31 |
> first I needed to know the significance. After all, it's not often I get |
| 32 |
> the kernel outputting audit entries. |
| 33 |
> |
| 34 |
> A bit of googling later, I found that the type 1006 audit entries I was |
| 35 |
> getting were AUDIT_LOGIN related, due to the way cron changes user to run |
| 36 |
> its various programmed entries. Of course one can turn off the kernel's |
| 37 |
> corresponding audit options, but that affects other things too. |
| 38 |
> Meanwhile, the google turned up some RHEL/Fedora complaints about |
| 39 |
> something similar. Apparently in this case the kernel defaults to log- |
| 40 |
> spamming even if audit logging is generally deactivated. I could try |
| 41 |
> installing an audit tool and configure it to turn that off specifically, |
| 42 |
> but meh, just set a syslog filter for it; the effect is the same either |
| 43 |
> way. |
| 44 |
> |
| 45 |
|
| 46 |
Could you share the lines that provided the filtering? I'm sure it would |
| 47 |
help others. Your e-mail led me to check my logs to see if I have the |
| 48 |
same, but I don't know where to look. |
Archives