Bug 812880
| Summary: | systemd-logind spam | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> |
| Component: | logwatch | Assignee: | Jan Synacek <jsynacek> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | frank, jsynacek, kklic, richardfearn, varekova |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | logwatch-7.4.0-12.20120229svn100.fc16 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-19 06:59:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
logwatch-7.4.0-11.20120229svn100.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/logwatch-7.4.0-11.20120229svn100.fc17 thank you for the patches, especially dovecot (this one works amazing
i rebuilt the src.rpm for F16 and can not confirm the
"Add systemd-logind patch (rhbz#812880)"
can we have this fixed for F16 in a way that it also catches
messages by a rsyslog rule like below? the problem is without
this rule on machines with many cronjobs all the day you
would get /var/log/messages spammed
_________________
/etc/rsyslog.conf:
# Log systemd-logind to /var/log/secure
:programname, isequal, "systemd-logind" /var/log/secure
:programname, isequal, "systemd-logind" ~
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
Rootkit Hunter: Rootkit hunter check started (version 1.3.8): 1 Time(s)
Rootkit Hunter: Scanning took 2 minutes and 34 seconds: 1 Time(s)
systemd-logind: New session 1391 of user root.: 1 Time(s)
systemd-logind: New session 1418 of user root.: 1 Time(s)
systemd-logind: New session 1419 of user root.: 1 Time(s)
systemd-logind: New session 1420 of user root.: 1 Time(s)
systemd-logind: New session 1421 of user root.: 1 Time(s)
systemd-logind: New session 1441 of user root.: 1 Time(s)
systemd-logind: New session 1453 of user root.: 1 Time(s)
systemd-logind: New session 1454 of user root.: 1 Time(s)
systemd-logind: New session 1455 of user root.: 1 Time(s)
systemd-logind: New session 1456 of user root.: 1 Time(s)
systemd-logind: New session 1457 of user root.: 1 Time(s)
systemd-logind: New session 1458 of user root.: 1 Time(s)
systemd-logind: New session 1459 of user root.: 1 Time(s)
systemd-logind: New session 1460 of user root.: 1 Time(s)
systemd-logind: New session 1461 of user root.: 1 Time(s)
systemd-logind: New session 1462 of user root.: 1 Time(s)
systemd-logind: New session 1463 of user root.: 1 Time(s)
systemd-logind: New session 1464 of user root.: 1 Time(s)
systemd-logind: New session 1465 of user root.: 1 Time(s)
systemd-logind: New session 1466 of user root.: 1 Time(s)
systemd-logind: New session 1467 of user root.: 1 Time(s)
systemd-logind: New session 1468 of user root.: 1 Time(s)
systemd-logind: New session 1469 of user root.: 1 Time(s)
systemd-logind: New session 1470 of user root.: 1 Time(s)
systemd-logind: New session 1471 of user root.: 1 Time(s)
systemd-logind: New session 1472 of user root.: 1 Time(s)
systemd-logind: New session 1473 of user root.: 1 Time(s)
systemd-logind: New session 1476 of user root.: 1 Time(s)
systemd-logind: New session 1479 of user root.: 1 Time(s)
systemd-logind: New session 1480 of user root.: 1 Time(s)
systemd-logind: New session 1482 of user root.: 1 Time(s)
systemd-logind: New session 1487 of user root.: 1 Time(s)
systemd-logind: New session 1488 of user root.: 1 Time(s)
systemd-logind: New session 1490 of user root.: 1 Time(s)
systemd-logind: New session 1491 of user root.: 1 Time(s)
systemd-logind: New session 1492 of user root.: 1 Time(s)
systemd-logind: New session 1493 of user root.: 1 Time(s)
systemd-logind: New session 1496 of user root.: 1 Time(s)
systemd-logind: New session 1497 of user root.: 1 Time(s)
systemd-logind: New session 1500 of user root.: 1 Time(s)
systemd-logind: New session 1501 of user root.: 1 Time(s)
systemd-logind: New session 1503 of user root.: 1 Time(s)
systemd-logind: New session 1506 of user root.: 1 Time(s)
systemd-logind: New session 1508 of user root.: 1 Time(s)
systemd-logind: New session 1515 of user root.: 1 Time(s)
systemd-logind: New session 1517 of user root.: 1 Time(s)
systemd-logind: New session 1518 of user root.: 1 Time(s)
systemd-logind: New session 1523 of user root.: 1 Time(s)
systemd-logind: New session 1527 of user root.: 1 Time(s)
systemd-logind: New session 1531 of user root.: 1 Time(s)
systemd-logind: New session 1539 of user root.: 1 Time(s)
systemd-logind: New session 1540 of user root.: 1 Time(s)
systemd-logind: New session 1541 of user root.: 1 Time(s)
systemd-logind: Removed session 1391.: 1 Time(s)
systemd-logind: Removed session 1418.: 1 Time(s)
systemd-logind: Removed session 1419.: 1 Time(s)
systemd-logind: Removed session 1420.: 1 Time(s)
systemd-logind: Removed session 1421.: 1 Time(s)
systemd-logind: Removed session 1441.: 1 Time(s)
systemd-logind: Removed session 1453.: 1 Time(s)
systemd-logind: Removed session 1454.: 1 Time(s)
systemd-logind: Removed session 1455.: 1 Time(s)
systemd-logind: Removed session 1456.: 1 Time(s)
systemd-logind: Removed session 1457.: 1 Time(s)
systemd-logind: Removed session 1458.: 1 Time(s)
systemd-logind: Removed session 1459.: 1 Time(s)
systemd-logind: Removed session 1460.: 1 Time(s)
systemd-logind: Removed session 1461.: 1 Time(s)
systemd-logind: Removed session 1462.: 1 Time(s)
systemd-logind: Removed session 1463.: 1 Time(s)
systemd-logind: Removed session 1464.: 1 Time(s)
systemd-logind: Removed session 1465.: 1 Time(s)
systemd-logind: Removed session 1466.: 1 Time(s)
systemd-logind: Removed session 1467.: 1 Time(s)
systemd-logind: Removed session 1468.: 1 Time(s)
systemd-logind: Removed session 1469.: 1 Time(s)
systemd-logind: Removed session 1470.: 1 Time(s)
systemd-logind: Removed session 1471.: 1 Time(s)
systemd-logind: Removed session 1472.: 1 Time(s)
systemd-logind: Removed session 1473.: 1 Time(s)
systemd-logind: Removed session 1476.: 1 Time(s)
systemd-logind: Removed session 1479.: 1 Time(s)
systemd-logind: Removed session 1480.: 1 Time(s)
systemd-logind: Removed session 1482.: 1 Time(s)
systemd-logind: Removed session 1487.: 1 Time(s)
systemd-logind: Removed session 1488.: 1 Time(s)
systemd-logind: Removed session 1490.: 1 Time(s)
systemd-logind: Removed session 1491.: 1 Time(s)
systemd-logind: Removed session 1492.: 1 Time(s)
systemd-logind: Removed session 1493.: 1 Time(s)
systemd-logind: Removed session 1496.: 1 Time(s)
systemd-logind: Removed session 1497.: 1 Time(s)
systemd-logind: Removed session 1500.: 1 Time(s)
systemd-logind: Removed session 1501.: 1 Time(s)
systemd-logind: Removed session 1503.: 1 Time(s)
systemd-logind: Removed session 1506.: 1 Time(s)
systemd-logind: Removed session 1508.: 1 Time(s)
systemd-logind: Removed session 1515.: 1 Time(s)
systemd-logind: Removed session 1517.: 1 Time(s)
systemd-logind: Removed session 1518.: 1 Time(s)
systemd-logind: Removed session 1523.: 1 Time(s)
systemd-logind: Removed session 1527.: 1 Time(s)
systemd-logind: Removed session 1531.: 1 Time(s)
systemd-logind: Removed session 1539.: 1 Time(s)
systemd-logind: Removed session 1540.: 1 Time(s)
systemd-logind: Removed session 1541.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
Can you please provide a few lines containing 'systemd-logind' directly from the secure log? It seems that I've been testing it on a wrong sample.. sorry - i forgot :-( May 4 02:20:07 localhost systemd-logind[27143]: New session 39966 of user root. May 4 02:20:08 localhost systemd-logind[27143]: Removed session 39966. May 4 05:30:02 localhost systemd-logind[27143]: New session 40613 of user root. May 4 05:30:03 localhost systemd-logind[27143]: Removed session 40613. May 4 05:30:03 localhost systemd-logind[27143]: New session 40614 of user root. May 4 05:33:12 localhost systemd-logind[27143]: Removed session 40614. May 4 05:33:13 localhost systemd-logind[27143]: New session 40622 of user root. May 4 05:33:14 localhost systemd-logind[27143]: Removed session 40622. May 4 05:33:14 localhost systemd-logind[27143]: New session 40623 of user root. May 4 05:33:14 localhost systemd-logind[27143]: Removed session 40623. May 4 05:33:16 localhost systemd-logind[27143]: New session 40624 of user root. May 4 05:33:42 localhost systemd-logind[27143]: Removed session 40624. May 4 05:36:56 localhost systemd-logind[27143]: New session 40637 of user root. May 4 05:37:01 localhost systemd-logind[27143]: Removed session 40637. May 4 05:37:01 localhost systemd-logind[27143]: New session 40640 of user root. May 4 05:37:01 localhost systemd-logind[27143]: Removed session 40640. May 4 05:37:02 localhost systemd-logind[27143]: New session 40641 of user root. May 4 05:37:02 localhost systemd-logind[27143]: Removed session 40641. May 4 05:37:02 localhost systemd-logind[27143]: New session 40642 of user root. May 4 05:37:03 localhost systemd-logind[27143]: Removed session 40642. May 4 06:10:01 localhost systemd-logind[27143]: New session 40751 of user root. May 4 06:10:01 localhost systemd-logind[27143]: New session 40752 of user root. May 4 06:10:01 localhost systemd-logind[27143]: Removed session 40751. May 4 06:10:05 localhost systemd-logind[27143]: Removed session 40752. May 4 10:24:52 localhost systemd-logind[27143]: New session 41617 of user root. May 4 10:24:52 localhost systemd-logind[27143]: Removed session 41617. May 4 10:25:14 localhost systemd-logind[27143]: New session 41623 of user root. May 4 10:25:15 localhost systemd-logind[27143]: Removed session 41623. May 4 10:31:20 localhost systemd-logind[27143]: New session 41644 of user root. May 4 10:31:26 localhost systemd-logind[27143]: Removed session 41644. May 4 12:09:05 localhost systemd-logind[27143]: New session 41975 of user root. May 4 12:09:07 localhost systemd-logind[27143]: Removed session 41975. May 4 12:09:31 localhost systemd-logind[27143]: New session 41976 of user root. May 4 12:09:32 localhost systemd-logind[27143]: Removed session 41976. May 4 12:09:42 localhost systemd-logind[27143]: New session 41977 of user root. May 4 12:10:25 localhost systemd-logind[27143]: Removed session 41977. May 4 12:18:00 localhost systemd-logind[27143]: New session 42007 of user root. http://koji.fedoraproject.org/koji/taskinfo?taskID=4052376 Should work fine now. wonderful! they are completly away, a general count of cron-sessions per user would be nice, but who cares - before systemd-logind it did also not exist :-) logwatch-7.4.0-12.20120229svn100.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/logwatch-7.4.0-12.20120229svn100.fc16 Package logwatch-7.4.0-12.20120229svn100.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing logwatch-7.4.0-12.20120229svn100.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-7541/logwatch-7.4.0-12.20120229svn100.fc16 then log in and leave karma (feedback). logwatch-7.4.0-12.20120229svn100.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. logwatch-7.4.0-11.20120229svn100.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |
after chachning rsyslog.conf to prevent systemd spamming /var/log/messages now we get logwatch-mails spammed (this redirection to /var/log/secure will be default in the next systemd releases) it is not useful to get hunderets of login/logout lines with all their IDs # systemd-logind not in /var/log/messages :programname, isequal, "systemd-logind" /var/log/secure :programname, isequal, "systemd-logind" ~ --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** Rootkit Hunter: Rootkit hunter check started (version 1.3.8): 1 Time(s) Rootkit Hunter: Scanning took 1 minute and 50 seconds: 1 Time(s) systemd-logind: New session 1214 of user root.: 1 Time(s) systemd-logind: New session 1215 of user root.: 1 Time(s) systemd-logind: New session 1216 of user root.: 1 Time(s) systemd-logind: New session 1217 of user root.: 1 Time(s) systemd-logind: New session 1242 of user root.: 1 Time(s) systemd-logind: New session 1243 of user root.: 1 Time(s) systemd-logind: New session 1244 of user root.: 1 Time(s) systemd-logind: New session 1246 of user root.: 1 Time(s) systemd-logind: New session 1249 of user root.: 1 Time(s) systemd-logind: New session 1258 of user root.: 1 Time(s) systemd-logind: New session 1259 of user root.: 1 Time(s) systemd-logind: New session 1264 of user root.: 1 Time(s) systemd-logind: New session 1265 of user root.: 1 Time(s) systemd-logind: New session 1266 of user root.: 1 Time(s) systemd-logind: New session 1267 of user root.: 1 Time(s) systemd-logind: New session 1268 of user root.: 1 Time(s) systemd-logind: New session 1270 of user root.: 1 Time(s) systemd-logind: New session 1271 of user root.: 1 Time(s) systemd-logind: New session 1277 of user root.: 1 Time(s) systemd-logind: New session 1278 of user root.: 1 Time(s) systemd-logind: New session 1299 of user root.: 1 Time(s) systemd-logind: New session 1319 of user root.: 1 Time(s) systemd-logind: New session 1343 of user root.: 1 Time(s) systemd-logind: New session 1345 of user root.: 1 Time(s) systemd-logind: New session 1355 of user root.: 1 Time(s) systemd-logind: New session 1356 of user root.: 1 Time(s) systemd-logind: New session 1357 of user root.: 1 Time(s) systemd-logind: New session 1358 of user root.: 1 Time(s) systemd-logind: New session 1359 of user root.: 1 Time(s) systemd-logind: New session 1360 of user root.: 1 Time(s) systemd-logind: New session 1361 of user root.: 1 Time(s) systemd-logind: New session 1368 of user root.: 1 Time(s) systemd-logind: New session 1369 of user root.: 1 Time(s) systemd-logind: New session 1370 of user root.: 1 Time(s) systemd-logind: New session 1371 of user root.: 1 Time(s) systemd-logind: New session 1372 of user root.: 1 Time(s) systemd-logind: Removed session 1214.: 1 Time(s) systemd-logind: Removed session 1215.: 1 Time(s) systemd-logind: Removed session 1216.: 1 Time(s) systemd-logind: Removed session 1217.: 1 Time(s) systemd-logind: Removed session 1242.: 1 Time(s) systemd-logind: Removed session 1243.: 1 Time(s) systemd-logind: Removed session 1244.: 1 Time(s) systemd-logind: Removed session 1246.: 1 Time(s) systemd-logind: Removed session 1249.: 1 Time(s) systemd-logind: Removed session 1258.: 1 Time(s) systemd-logind: Removed session 1259.: 1 Time(s) systemd-logind: Removed session 1264.: 1 Time(s) systemd-logind: Removed session 1265.: 1 Time(s) systemd-logind: Removed session 1266.: 1 Time(s) systemd-logind: Removed session 1267.: 1 Time(s) systemd-logind: Removed session 1268.: 1 Time(s) systemd-logind: Removed session 1270.: 1 Time(s) systemd-logind: Removed session 1271.: 1 Time(s) systemd-logind: Removed session 1277.: 1 Time(s) systemd-logind: Removed session 1278.: 1 Time(s) systemd-logind: Removed session 1299.: 1 Time(s) systemd-logind: Removed session 1319.: 1 Time(s) systemd-logind: Removed session 1343.: 1 Time(s) systemd-logind: Removed session 1345.: 1 Time(s) systemd-logind: Removed session 1355.: 1 Time(s) systemd-logind: Removed session 1356.: 1 Time(s) systemd-logind: Removed session 1357.: 1 Time(s) systemd-logind: Removed session 1358.: 1 Time(s) systemd-logind: Removed session 1359.: 1 Time(s) systemd-logind: Removed session 1360.: 1 Time(s) systemd-logind: Removed session 1361.: 1 Time(s) systemd-logind: Removed session 1368.: 1 Time(s) systemd-logind: Removed session 1369.: 1 Time(s) systemd-logind: Removed session 1370.: 1 Time(s) systemd-logind: Removed session 1371.: 1 Time(s) systemd-logind: Removed session 1372.: 1 Time(s)