Bug 121507 - FC1 syslog.conf logs auth msgs to /var/log/messages
FC1 syslog.conf logs auth msgs to /var/log/messages
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: sysklogd (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-22 03:49 EDT by Need Real Name
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-04 10:33:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2004-04-22 03:49:54 EDT
Description of problem:
The default syslog.conf provided with FC1 has these lines:

# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none   /var/log/messages

However, authentication messages *do* get logged to /var/log/messages.

"auth" needs to be added to the above string, so it reads:

*.info;mail.none;auth,authpriv.none;cron.none   /var/log/messages


Version-Release number of selected component (if applicable):
1.4.1-13
Comment 1 Bill Nottingham 2004-04-22 16:32:15 EDT
What changed from authpriv to auth? What specific messages do you see?
Comment 2 Need Real Name 2004-04-22 16:59:29 EDT
From su and login, for example:

Apr 22 16:54:50 host su(pam_unix)[2716]: session opened for user root
by vader(uid=0)
Apr 22 16:54:50 host su(pam_unix)[2716]: session closed for user root
Apr 22 16:54:58 host login(pam_unix)[1047]: session opened for user
root by LOGIN(uid=0)
Apr 22 16:54:58 host  -- root[1047]: ROOT LOGIN ON tty1
Apr 22 16:55:02 host login(pam_unix)[1047]: session closed for user root
Comment 3 Jason Vas Dias 2004-08-04 10:33:34 EDT
In fc2+, syslog.conf is now:
"
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none             
/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
"
These messages:
Apr 22 16:54:50 host su(pam_unix)[2716]: session closed for user root
Apr 22 16:54:50 host su(pam_unix)[2716]: session closed for user root
are auth.info messages; users can direct them 
elsewhere using syslog.conf, but by default they
are caught by
*.info;...   /var/log/messages

Note You need to log in before you can comment on or make changes to this bug.