![](https://seccdn.libravatar.org/avatar/bd4da371900551bee9a06eaefeb7e1c2.jpg?s=120&d=mm&r=g)
Hi All! I am trying configure PAM logging on SuSE 8.0 and 8.2 systems. The biggest thing that bothers me is that I cannot figure out what facility and what priority is used for the messages. Everything is being written to /var/adm/messages, which is getting overloaded with junk. I would like to be able to define certain piorities (error ane above?) which get written then and all others are either discarded or written to a different log file. Any help would be greatly appreaciated. Regards, jimmo -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- The Linux Tutorial needs your help! Visit us at http://www.linux-tutorial.info --------------------------------------- NOTE: All messages sent to me in response to my posts to newsgroups, mailing lists or forums are subject to reposting.
![](https://seccdn.libravatar.org/avatar/861b5545c111d2257fa12e533e723110.jpg?s=120&d=mm&r=g)
The 03.10.13 at 19:38, James Mohr wrote:
I am trying configure PAM logging on SuSE 8.0 and 8.2 systems. The biggest thing that bothers me is that I cannot figure out what facility and what priority is used for the messages.
It is difficult if not documented.
Everything is being written to /var/adm/messages, which is getting overloaded with junk. I would like to be able to define certain piorities (error ane above?) which get written then and all others are either discarded or written to a different log file.
Add an entry to syslog.conf like: facility.* /var/log/testing Where 'facility' is anyone of the available facilities. Restart syslog (rcsyslog restart) and see if there are pam entries there. No? redo for another facility. Otherwise, add multiple entries like: auth.* /var/log/facility.auth authpriv.* /var/log/facility.authpriv cron.* /var/log/facility.cron daemon.* /var/log/facility.daemon kern.* /var/log/facility.kern lpr.* /var/log/facility.lpr mail.* /var/log/facility.mail mark.* /var/log/facility.mark news.* /var/log/facility.news auth.* /var/log/facility.auth syslog.* /var/log/facility.syslog user.* /var/log/facility.user uucp.* /var/log/facility.uucp local0.* /var/log/facility.local0 local1.* /var/log/facility.local1 local2.* /var/log/facility.local2 local3.* /var/log/facility.local3 local4.* /var/log/facility.local4 local5.* /var/log/facility.local5 local6.* /var/log/facility.local6 local7.* /var/log/facility.local7 I have just added this to my syslog.conf, for possible future use ;-) -- Cheers, Carlos Robinson
![](https://seccdn.libravatar.org/avatar/bd4da371900551bee9a06eaefeb7e1c2.jpg?s=120&d=mm&r=g)
On Monday 13 October 2003 21:20, Carlos E. R. wrote:
The 03.10.13 at 19:38, James Mohr wrote:
I am trying configure PAM logging on SuSE 8.0 and 8.2 systems. The biggest thing that bothers me is that I cannot figure out what facility and what priority is used for the messages.
It is difficult if not documented.
Everything is being written to /var/adm/messages, which is getting overloaded with junk. I would like to be able to define certain piorities (error ane above?) which get written then and all others are either discarded or written to a different log file.
Add an entry to syslog.conf like:
facility.* /var/log/testing
Where 'facility' is anyone of the available facilities. Restart syslog (rcsyslog restart) and see if there are pam entries there. No? redo for another facility.
Otherwise, add multiple entries like:
auth.* /var/log/facility.auth authpriv.* /var/log/facility.authpriv cron.* /var/log/facility.cron daemon.* /var/log/facility.daemon kern.* /var/log/facility.kern lpr.* /var/log/facility.lpr mail.* /var/log/facility.mail mark.* /var/log/facility.mark news.* /var/log/facility.news auth.* /var/log/facility.auth syslog.* /var/log/facility.syslog user.* /var/log/facility.user uucp.* /var/log/facility.uucp local0.* /var/log/facility.local0 local1.* /var/log/facility.local1 local2.* /var/log/facility.local2 local3.* /var/log/facility.local3 local4.* /var/log/facility.local4 local5.* /var/log/facility.local5 local6.* /var/log/facility.local6 local7.* /var/log/facility.local7
I have just added this to my syslog.conf, for possible future use ;-)
-- Cheers, Carlos Robinson
-- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- The Linux Tutorial needs your help! Visit us at http://www.linux-tutorial.info
![](https://seccdn.libravatar.org/avatar/bd4da371900551bee9a06eaefeb7e1c2.jpg?s=120&d=mm&r=g)
On Monday 13 October 2003 21:20, Carlos E. R. wrote:
The 03.10.13 at 19:38, James Mohr wrote:
I am trying configure PAM logging on SuSE 8.0 and 8.2 systems. The biggest thing that bothers me is that I cannot figure out what facility and what priority is used for the messages.
It is difficult if not documented.
Everything is being written to /var/adm/messages, which is getting overloaded with junk. I would like to be able to define certain piorities (error ane above?) which get written then and all others are either discarded or written to a different log file.
Add an entry to syslog.conf like:
facility.* /var/log/testing
Where 'facility' is anyone of the available facilities. Restart syslog (rcsyslog restart) and see if there are pam entries there. No? redo for another facility.
Otherwise, add multiple entries like:
auth.* /var/log/facility.auth authpriv.* /var/log/facility.authpriv cron.* /var/log/facility.cron daemon.* /var/log/facility.daemon <SNIP>
I was hoping that have to take a hammer to the problem, but that's what I ended up doing. Thanks. Turns out it uses the auth facility (where else). I thought I had read that it was localX, but I wasn't sure. However, even things like su failures are reported as priority "info" so it all ends up in the same place. I was hoping to be able to filter out the errors/warning. Fortunately our monitoring software can parse the entries. regards, jimmo -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- The Linux Tutorial needs your help! Visit us at http://www.linux-tutorial.info
participants (2)
-
Carlos E. R.
-
James Mohr