/var/log/messageに以下のログが残される。
crond(pam_unix)[14149]: session opened for user root by (uid=0)
crond(pam_unix)[14149]: session closed for user root
重要度の低いメッセージが大量にあって,重要なメッセージを見落とす可能性がある。
/etc/syslog.confで,ログの出力先を重要なのとそうでないのと分けてみる。
ログの出力先が変わったので,以下の2つも変更する
/etc/logrotate.d/syslog
/etc/log.d/conf/logfiles/messages.conf
(1) /etc/syslog.conf
# diff -cw syslog.conf.org syslog.conf
*** syslog.conf.org 2004-08-03 07:33:41.000000000 +0900
--- syslog.conf 2004-12-28 01:21:55.550995760 +0900
***************
*** 4,10 ****
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
! *.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
--- 4,14 ----
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
! #*.info;mail.none;authpriv.none;cron.none /var/log/messages
! # ------------------------------------------------------------------------
! *.warning;mail.none;authpriv.none;cron.none /var/log/messages
! *.=info;*.=notice;mail.none;authpriv.none;cron.none /var/log/info
! *.=debug;mail.none;authpriv.none;cron.none /var/log/debug
# The authpriv file has restricted access.
authpriv.* /var/log/secure
(2) /etc/logrotate.d/syslog
# diff -cw syslog.org syslog
*** syslog.org 2004-12-28 01:38:51.540418873 +0900
--- syslog 2004-12-28 01:39:19.550692424 +0900
***************
*** 1,3 ****
--- 1,4 ----
+ /var/log/info /var/log/debug
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
(3) /etc/log.d/conf/logfiles/messages.conf
# diff -cw messages.conf.org messages.conf
*** messages.conf.org 2004-12-27 01:35:19.000000000 +0900
--- messages.conf 2004-12-27 01:35:59.000000000 +0900
***************
*** 12,17 ****
--- 12,19 ----
# What actual file? Defaults to LogPath if not absolute path....
LogFile = messages
+ LogFile = info
+ LogFile = debug
# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
***************
*** 21,26 ****
--- 23,36 ----
Archive = messages.*.gz
Archive = archiv/messages.*
Archive = archiv/messages.*.gz
+ Archive = info.*
+ Archive = info.*.gz
+ Archive = archiv/info.*
+ Archive = archiv/info.*.gz
+ Archive = debug.*
+ Archive = debug.*.gz
+ Archive = archiv/debug.*
+ Archive = archiv/debug.*.gz
# Expand the repeats (actually just removes them now)
*ExpandRepeats
