From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: Recommend cronie instead of vixie-cron in handbook?
Date: Fri, 27 Dec 2013 06:56:45 +0000 (UTC)
Message-ID: <pan$6fdf3$b0753229$2758184c$95001124@cox.net>
In-Reply-To: 52BCFBD7.3010500@sporkbox.us
Daniel Campbell posted on Thu, 26 Dec 2013 22:02:31 -0600 as excerpted:
> On 12/25/2013 08:43 AM, Duncan wrote:
>>
>> I [replaced vixie-cron with cronie] too, a few days ago.
>>
>> TL;DR: Drop-in but for the log-spamming. =:^(
>>
>> While cronie itself was simple and drop-in for vixie-cron, it DID start
>> rather severely log-spamming, IIRC four log-lines every 10 minutes when
>> the run-crons ran.
> Could you share the lines that provided the filtering? I'm sure it would
> help others. Your e-mail led me to check my logs to see if I have the
> same, but I don't know where to look.
I think I mentioned that I'm using syslog-ng here. ~arch, so version
3.4.6. Stable 3.4.2 should be similar but it may not be identical.

I had started to post a big long explanation, but then decided simply
posting my entire syslog-ng.conf file with a shorter explanation would be
better. There's nothing really private in it.

The way I handle filters is to set up the original message-selecting
filters first, then combine them with AND NOT as appropriate in a
second-level message-rejecting filter. I have two sets of filters, thus two
second level filters into which the others feed, the spam filters and the
category filters.

The category filters are set up to select a particular category of
messages; for instance, all messages from cron. The category selecting
filter is then used in a log section, to route the selected messages to a
particular file. The second level rejecting filter is in turn used to
filter out all the categorized messages from the log stream going to the
generic messages file, so it doesn't get the categorized messages and is
thus less noisy, making it easier to process what /does/ come thru.

The spam filters are set up similarly, with individual selection filters
and a single second level rejection filter, except I don't want to log
those messages at all, so the only thing the selection filters are used
for is to feed into the rejection filter. Still, that seemed the simplest
and most logical way to handle it, to me.

Set up that way, the log sections stay short and simple, not the hairball
of individual selection and rejection filters they could become otherwise.

OK, the file is included inline after my sig, below... (Since I
use pan for my lists via nntp://news.gmane.org, and pan normally yencodes
attachments for USENET posting while most mail clients don't handle yenc,
I won't try attaching the file that way as it'd come thru as gibberish to
most. I could inline UUE it, but as it's text anyway, I'll post it inline
with auto-wrapping off and hope it doesn't get mangled.)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
@version: 3.4
@include "scl.conf"
# /etc/syslog-ng/syslog-ng.conf
# JED: don't etc-update replace!
#################################################################################
######### Options: syslog-ng general options #########
#################################################################################
options {
    threaded(yes);
    stats_freq (43200);
    mark_freq (3600);
};
#################################################################################
######### Sources: where messages come from #########
#################################################################################
source src {
    system();
    internal();
};
#################################################################################
######### Destinations: where messages go #########
#################################################################################
# NOTE: Default destination output format template
# (admin guide section 11.1.2, templates and macros)
#template default {
#    template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n");
#    template_escape(no);
#};
# ${MSGHDR} further defines to "PROGRAM[PID]: " (note trailing space),
# with a kernel MSGHDR obviously lacking [PID], so...
# final format is: ISODATE HOST PROGRAM[PID] MSG(=content)
###################################################
# global destinations
destination messages {
    file ("/var/log/messages");
};
destination log-tty {
    file ("/dev/tty12");
};
# for programs like xconsole using /dev/console...
#destination dev-console {
#    file ("/dev/console");
#};
###################################################
# categorized destinations
destination IPTables {
    file ("/var/log/iptables");
};
destination dhcpcd {
    file ("/var/log/dhcpcd");
};
destination cron {
    file ("/var/log/cron");
};
destination portage {
    file ("/var/log/portage-msg");
};
#################################################################################
######### Filters: which messages #########
#################################################################################
# log-spam pre-filters, combined in spam-global, below
# sudo has its own, better log, but pam_unix spams it to syslog too
filter spam-sudo {
    program ("sudo")
;};
# 2013.1217 kernel type=1006 (AUDIT_LOGIN) auditing enabled and logging
# on cron's 10-minute run-crons.
# kernel: type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501
# new auid=0 old ses=2 new ses=208 res=1
filter spam-audit {
    program ("kernel")
    and message ("type=1006 audit")
;};
#####################
# Combine all the log-spam filters into one
filter spam-global {
    not filter (spam-audit)
    and not filter (spam-sudo)
;};
###################################################
# Category filters
filter cat-IPTables {
    message ("IPTables:")
;};
filter cat-dhcpcd {
    program ("dhcpcd")
;};
filter cat-cron {
    program ("crond?" flags("ignore-case"))
;};
filter cat-portage {
    message (" portage")
;};
#####################
# /not/ the cat-filters above
filter cat-not {
    not filter (cat-IPTables)
    and not filter (cat-dhcpcd)
    and not filter (cat-cron)
    and not filter (cat-portage)
;};
#################################################################################
######### Logs: connect sources, filters, destinations #########
#################################################################################
# general case, minus the categorized, below
log {
    source (src);
    filter (spam-global);
    filter (cat-not);
    destination (messages);
};
log {
    source (src);
    filter (spam-global);
    filter (cat-not);
    destination (log-tty);
};
###################################################
# These categorize
log {
    source (src);
    filter (cat-IPTables);
    destination (IPTables);
};
log {
    source (src);
    filter (cat-cron);
    destination (cron);
};
log {
    source (src);
    filter (cat-dhcpcd);
    destination (dhcpcd);
};
log {
    source (src);
    filter (cat-portage);
    destination (portage);
};
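
The routing that results from the two-level filters in the configuration above, modelled in Python as an added example that is not part of the original post. It assumes program() and message() behave as unanchored regular-expression searches and that every log statement sees every message (the config sets no final flag); the cron sample line is constructed.

```python
import re

# Simplified model of the posted syslog-ng.conf: program() and message() are
# treated as unanchored regex searches over (program, message) pairs.
def prog(pattern, flags=0):
    rx = re.compile(pattern, flags)
    return lambda p, m: bool(rx.search(p))

def msg(pattern):
    rx = re.compile(pattern)
    return lambda p, m: bool(rx.search(m))

def all_of(*tests):
    return lambda p, m: all(t(p, m) for t in tests)

# First-level (selecting) filters, copied from the config.
SELECT = {
    "spam-sudo": prog("sudo"),
    "spam-audit": all_of(prog("kernel"), msg("type=1006 audit")),
    "cat-IPTables": msg("IPTables:"),
    "cat-dhcpcd": prog("dhcpcd"),
    "cat-cron": prog("crond?", re.IGNORECASE),
    "cat-portage": msg(" portage"),
}

def none_of(prefix):
    """Second-level (rejecting) filter: no selecting filter with this prefix matches."""
    names = [n for n in SELECT if n.startswith(prefix)]
    return lambda p, m: not any(SELECT[n](p, m) for n in names)
FILTERS = {**SELECT, "spam-global": none_of("spam-"), "cat-not": none_of("cat-")}

# The log { } statements: (filters that must all pass, destination file).
LOG_PATHS = [
    (("spam-global", "cat-not"), "/var/log/messages"),
    (("spam-global", "cat-not"), "/dev/tty12"),
    (("cat-IPTables",), "/var/log/iptables"),
    (("cat-cron",), "/var/log/cron"),
    (("cat-dhcpcd",), "/var/log/dhcpcd"),
    (("cat-portage",), "/var/log/portage-msg"),
]

def route(program, message):
    return [dest for names, dest in LOG_PATHS
            if all(FILTERS[n](program, message) for n in names)]

# Audit text as quoted in the config comment; the cron line is constructed.
AUDIT = "type=1006 audit(1387288201.202:209): pid=5760 uid=0 old auid=501 new auid=0 old ses=2 new ses=208 res=1"
print(route("kernel", AUDIT))                     # suppressed everywhere
print(route("crond", "(root) CMD (run-crons)"))   # cron file only
```

A message for which route() returns an empty list, such as the AUDIT_LOGIN and sudo lines, is written to no file by this configuration. Because the patterns are unanchored, a program name that merely contains "cron" or "sudo" is selected by the same filters.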