On 12/25/2013 08:43 AM, Duncan wrote:
> Alice Ferrazzi posted on Wed, 25 Dec 2013 15:38:42 +0900 as excerpted:
>
>> On Sun, Dec 15, 2013 at 2:19 AM, Michael Orlitzky <mjo@g.o>
>> wrote:
>>> rc-update del vixie-cron default
>>> /etc/init.d/vixie-cron stop
>>> emerge -C vixie-cron
>>> emerge cronie
>>> rc-update add cronie default
>>> /etc/init.d/cronie start
>>
>> I just did the same, it is simple and "drop-in"
>
> I did it too, a few days ago.
>
> TL;DR: Drop-in but for the log-spamming. =:^(
>
> While cronie itself was simple and drop-in for vixie-cron, it DID start
> rather severely log-spamming, IIRC four log-lines every 10 minutes when
> the run-crons ran. As a result, while the functionality was drop-in
> replacement, for the system as a whole it wasn't purely a drop-in
> replacement, as I had to adjust logging somewhat to kill the spamming.
>
> An update tweak to my syslog-ng.conf category-cron filter later, and I
> was down to a single log entry in the general messages log every ten
> minutes, the other three diverted to my separate cron log.
>
> The remaining one was an audit entry (type=1006) output by the kernel.
> Of course I could filter that out or divert it to the cron log too, but
> first I needed to know the significance. After all, it's not often I get
> the kernel outputting audit entries.
>
> A bit of googling later, I found that the type 1006 audit entries I was
> getting were AUDIT_LOGIN related, due to the way cron changes user to run
> its various programmed entries. Of course one can turn off the kernel's
> corresponding audit options, but that affects other things too.
> Meanwhile, the google turned up some RHEL/Fedora complaints about
> something similar. Apparently in this case the kernel defaults to log-
> spamming even if audit logging is generally deactivated. I could try
> installing an audit tool and configure it to turn that off specifically,
> but meh, just set a syslog filter for it; the effect is the same either
> way.
>

Could you share the lines that provided the filtering? I'm sure it would
help others. Your e-mail led me to check my logs to see if I have the
same, but I don't know where to look.
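
Added example, not part of the original thread and not Duncan's filter: one way to find the type=1006 (AUDIT_LOGIN) entries in a syslog file and check that they follow the ten-minute cron schedule before diverting or filtering them. The sample lines, the record layout and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, not taken from the thread. The record layout is an
# assumption modelled on kernel AUDIT_LOGIN (type=1006) messages in syslog.
SAMPLE_LOG = """\
Dec 25 08:00:01 host kernel: type=1006 audit(1387958401.120:41): login pid=2101 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=11
Dec 25 08:03:12 host syslog-ng[1500]: Log statistics; processed='center(queued)=120'
Dec 25 08:10:01 host kernel: type=1006 audit(1387959001.118:42): login pid=2230 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=12
Dec 25 08:14:33 host kernel: type=1006 audit(1387959273.502:43): login pid=2301 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=13
Dec 25 08:20:02 host kernel: type=1006 audit(1387959602.121:44): login pid=2377 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=14
"""

AUDIT_RE = re.compile(r"type=1006 audit\((\d+)\.\d+:(\d+)\):(.*)")
# Keys such as "old auid" and "new auid" contain a space, so allow that prefix.
FIELD_RE = re.compile(r"((?:old |new )?\w+)=(\S+)")

def parse_login_records(text):
    """Return one dict per type=1006 record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(m.group(3)))
        if "pid" not in fields or "new auid" not in fields:
            continue  # truncated or unexpected layout: do not guess
        records.append({"epoch": int(m.group(1)), "serial": int(m.group(2)),
                        "pid": int(fields["pid"]),
                        "new_auid": int(fields["new auid"])})
    return records

def summarise(records, period=600, slack=5):
    """Group by new auid and test whether records arrive every `period` seconds."""
    by_auid = defaultdict(list)
    for r in records:
        by_auid[r["new_auid"]].append(r["epoch"])
    report = {}
    for auid, times in by_auid.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic = bool(gaps) and all(abs(g - period) <= slack for g in gaps)
        report[auid] = {"count": len(times), "gaps": gaps, "periodic": periodic}
    return report

if __name__ == "__main__":
    for auid, info in sorted(summarise(parse_login_records(SAMPLE_LOG)).items()):
        print(f"new auid={auid}: {info}")
```

Entries that come out as periodic match the run-crons interval described above; anything reported as not periodic is worth reading before a filter hides it.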