From owner-freebsd-security  Mon Jan 28 12: 3:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219])
	by hub.freebsd.org (Postfix) with ESMTP id 5455C37B404
	for <freebsd-security@FreeBSD.ORG>; Mon, 28 Jan 2002 12:03:40 -0800 (PST)
Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1])
	by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g0SK3cM24648
	for <freebsd-security@FreeBSD.ORG>; Mon, 28 Jan 2002 14:03:39 -0600 (CST)
	(envelope-from martin@dc.cis.okstate.edu)
Message-Id: <200201282003.g0SK3cM24648@dc.cis.okstate.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Controlling Cron Logging 
Date: Mon, 28 Jan 2002 14:03:38 -0600
From: Martin McCormick <martin@dc.cis.okstate.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Daniel Brown writes:
>It may not be wise to entirely remove cron from /var/log/syslog.  If
>something serious occurs and cron complains about it, generally it
>should still be logged to /var/log/syslog so it will not be overlooked.

	Good point.

>Try:
>
>*.info;auth.info;mail.warning;cron.warning	/var/log/syslog

	This is fine, now.  I did try the 

 *.info;auth.info;mail.warning;cron.none	/var/log/syslog

directive and an odd thing happened.  The effect was as if that
whole line had been removed or commented out.  All logging to
syslog stopped but the /var/log/cron file did continue to receive
cron reports.

	I went back and re-read the syslog.conf man page and it
may well be that the none action modifies all the facilities
designated on that line and separated by ;'s.  The more I look at
that man page, the more I am not sure if we've got a bug on our
hands or not.

	The cron.warning directive, however, did get the behavior
I was looking for.  It is good to have the routine activity in a
log, but I am glad to know that if there is a real problem, it
will show up in syslog.

	Many thanks to each of you.

Martin McCormick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message