How can I prevent cron from filling up my syslog?
Solution 1:
You can send the output of cron to a separate log facility add the following to your /etc/syslog.conf file:
# Log cron stuff
cron.* /var/log/cron
Remember to add /var/log/cron to your /etc/logrotate.d/syslog to ensure it gets rotated, eg
# /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Solution 2:
Ok,
The solution to my question was:
change
*.*;auth,authpriv.none -/var/log/syslog
to
*.*;cron,auth,authpriv.none -/var/log/syslog
within /etc/syslog.conf and then restart syslog
I also have cron being sent to /var/log/cron.log as suggested by Dave Cheney and stuck a logrotate on it. My fix with Daves suggestion is optimal for my situation because:
- it keeps
/var/log/syslogfrom being cluttered with cron messages - I still get cron messages (which is nice for troubleshooting)
- logrotate keeps
/var/log/cron.logfrom going too large.
Solution 3:
Change /etc/default/cron
# Or, to log standard messages, plus jobs with exit status != 0:
# EXTRA_OPTS='-L 5'
#
# For quick reference, the currently available log levels are:
# 0 no logging (errors are logged regardless)
# 1 log start of jobs
# 2 log end of jobs
# 4 log jobs with exit status != 0
# 8 log the process identifier of child process (in all logs)
#
EXTRA_OPTS="-L 0"
By default the EXTRA_OPTS line is ""
Solution 4:
In Ubuntu 14.04.5 (and likely elsewhere) there is rsyslogd instead of syslogd. TranslucentCloud hinted at this with Debian Jessie, but the same solution (but changing rsyslog.conf instead of syslogd.conf) doesn't appear to work in Ubuntu.
It appears that values set in /etc/rsyslog.d/50-default.conf will actually take precedence over stuff set in /etc/rsyslog.conf, so it's better to make the changes there and then restart rsyslog and cron. Otherwise you'll still end up with the default behavior of cron logging to syslog, plus cron logging to cronlog (but not exclusively).
First couple of lines in my /etc/rsyslog.d/50-default.conf:
*.*;cron,auth,authpriv.none -/var/log/syslog
cron.* /var/log/cron.log
And voila!
Solution 5:
Actually, the 'best' (one could claim) solution is a combination of what @DaveCheney suggested and what user7321 did eventually, plus a third action which I would recommend:
- Preventing syslogd from appending cron-related log messages to /var/log/syslog
- Ensuring cron log messages do get logged somewhere (specifically, in /var/log/cron) + ensuring log rotation for the cron log.
- Preventing syslogd from appending cron-related log messages to /var/log/messages as well
In your /etc/syslog.conf, the combination of these suggestions changes something like the following:
*.*;cron,auth,authpriv.none -/var/log/syslog
auth,authpriv.none;daemon.none;mail,news.none -/var/log/messages
into:
cron.* /var/log/cron.log
*.*;cron,auth,authpriv.none -/var/log/syslog
auth,authpriv.none;cron,daemon.none;mail,news.none -/var/log/messages
And don't forget to force-reload (or restart) both the cron and syslogd services, e.g. using:
/etc/init.d/syslogd force-reload
/etc/init.d/cron force-reload
Note: This works with rsyslogd as well.