This is my week of playing around with mail servers and I have been keeping an eye on the logs on a regular basis. I noticed that the
auth.log was riddled with millions of these pointless (from my POV anyhow) log entries:
CRON: pam_unix(cron:session): session opened for user root by (uid=0)
CRON: pam_unix(cron:session): session closed for user root
This is - as is readily apparent - happening because of cron which can run every minute, every 10 minutes, every hour, and so on as configured. When cron does this running it often runs as root and doing so creates a session for said user. This, due to the default settings of most Linices, is logged (which does seem prudent if it wasn't so annoying) in auth.log. A kind soul on the Debian bug tracker has provided a solution that does not log this session activity, but only when run by cron. To do this (on Debian/Ubuntu):
- Go to the
- Open the file
common-session-noninteractivein an editor.
- Look for the following line:
session required pam_unix.so
- Above this line, add the following:
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
- Save the file and exit.
- Restart crond using something like
service cron restart.
... and that should do it!
Hope this helps :)
Thank you very much. I was terribly anoyed by this log-spam generated by a two cron jobs which both run every minute.
It helped me to shrink the logfile.
What you neglegted to mention is that the cron sevice needs a restart:
service cron restart
Anyway: thanks for helping me :)
Thanks Dan. I've added the
Thanks Dan. I've added the step :)
illegal module type: service
Not all my Ubuntu machines like this adjustment.
I have checked if I made a typo but did not, I get the message:
PAM (cron) illegal module type: service
Now my auth.log is filled with this message instead of the pam_unix
What can be the reason for this message?
Perhaps you can compare the
Perhaps you can compare the config files (common-session-noninteractive) in all your machines to see if there are any discrepancies?
Thank you for this
Thank you very much for this. Was looking to reduce the log spam from my servers, and since it was switched over to systemd the regular filtering methods didn't work, so was more interested to find the real location to fix this.
This blog post helped :)
Thanks for putting this out there.
Exactly the fix I was looking for. Little blurbs like this are perfect when it comes to helping other admins. Thanks!
Thanks! No idea why somebody
Thanks! No idea why somebody would want to see those cron auth.log messages.
thanks for this
thanks for this