Bug 812880 - systemd-logind spam
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 16
Assigned To: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-04-16 09:21 EDT by Harald Reindl
Modified: 2012-05-26 03:03 EDT
Fixed In Version: logwatch-7.4.0-12.20120229svn100.fc16
Doc Type: Bug Fix
Last Closed: 2012-05-19 02:59:05 EDT
Type: Bug
Description Harald Reindl 2012-04-16 09:21:32 EDT
after changing rsyslog.conf to prevent systemd spamming /var/log/messages now we get logwatch-mails spammed (this redirection to /var/log/secure will be default in the next systemd releases)

it is not useful to get hundreds of login/logout lines with all their IDs

# systemd-logind not in /var/log/messages
:programname, isequal, "systemd-logind"             /var/log/secure
:programname, isequal, "systemd-logind" ~

 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    Rootkit Hunter: Rootkit hunter check started (version 1.3.8): 1 Time(s)
    Rootkit Hunter: Scanning took 1 minute and 50 seconds: 1 Time(s)
    systemd-logind: New session 1214 of user root.: 1 Time(s)
    systemd-logind: New session 1215 of user root.: 1 Time(s)
    systemd-logind: New session 1216 of user root.: 1 Time(s)
    systemd-logind: New session 1217 of user root.: 1 Time(s)
    systemd-logind: New session 1242 of user root.: 1 Time(s)
    systemd-logind: New session 1243 of user root.: 1 Time(s)
    systemd-logind: New session 1244 of user root.: 1 Time(s)
    systemd-logind: New session 1246 of user root.: 1 Time(s)
    systemd-logind: New session 1249 of user root.: 1 Time(s)
    systemd-logind: New session 1258 of user root.: 1 Time(s)
    systemd-logind: New session 1259 of user root.: 1 Time(s)
    systemd-logind: New session 1264 of user root.: 1 Time(s)
    systemd-logind: New session 1265 of user root.: 1 Time(s)
    systemd-logind: New session 1266 of user root.: 1 Time(s)
    systemd-logind: New session 1267 of user root.: 1 Time(s)
    systemd-logind: New session 1268 of user root.: 1 Time(s)
    systemd-logind: New session 1270 of user root.: 1 Time(s)
    systemd-logind: New session 1271 of user root.: 1 Time(s)
    systemd-logind: New session 1277 of user root.: 1 Time(s)
    systemd-logind: New session 1278 of user root.: 1 Time(s)
    systemd-logind: New session 1299 of user root.: 1 Time(s)
    systemd-logind: New session 1319 of user root.: 1 Time(s)
    systemd-logind: New session 1343 of user root.: 1 Time(s)
    systemd-logind: New session 1345 of user root.: 1 Time(s)
    systemd-logind: New session 1355 of user root.: 1 Time(s)
    systemd-logind: New session 1356 of user root.: 1 Time(s)
    systemd-logind: New session 1357 of user root.: 1 Time(s)
    systemd-logind: New session 1358 of user root.: 1 Time(s)
    systemd-logind: New session 1359 of user root.: 1 Time(s)
    systemd-logind: New session 1360 of user root.: 1 Time(s)
    systemd-logind: New session 1361 of user root.: 1 Time(s)
    systemd-logind: New session 1368 of user root.: 1 Time(s)
    systemd-logind: New session 1369 of user root.: 1 Time(s)
    systemd-logind: New session 1370 of user root.: 1 Time(s)
    systemd-logind: New session 1371 of user root.: 1 Time(s)
    systemd-logind: New session 1372 of user root.: 1 Time(s)
    systemd-logind: Removed session 1214.: 1 Time(s)
    systemd-logind: Removed session 1215.: 1 Time(s)
    systemd-logind: Removed session 1216.: 1 Time(s)
    systemd-logind: Removed session 1217.: 1 Time(s)
    systemd-logind: Removed session 1242.: 1 Time(s)
    systemd-logind: Removed session 1243.: 1 Time(s)
    systemd-logind: Removed session 1244.: 1 Time(s)
    systemd-logind: Removed session 1246.: 1 Time(s)
    systemd-logind: Removed session 1249.: 1 Time(s)
    systemd-logind: Removed session 1258.: 1 Time(s)
    systemd-logind: Removed session 1259.: 1 Time(s)
    systemd-logind: Removed session 1264.: 1 Time(s)
    systemd-logind: Removed session 1265.: 1 Time(s)
    systemd-logind: Removed session 1266.: 1 Time(s)
    systemd-logind: Removed session 1267.: 1 Time(s)
    systemd-logind: Removed session 1268.: 1 Time(s)
    systemd-logind: Removed session 1270.: 1 Time(s)
    systemd-logind: Removed session 1271.: 1 Time(s)
    systemd-logind: Removed session 1277.: 1 Time(s)
    systemd-logind: Removed session 1278.: 1 Time(s)
    systemd-logind: Removed session 1299.: 1 Time(s)
    systemd-logind: Removed session 1319.: 1 Time(s)
    systemd-logind: Removed session 1343.: 1 Time(s)
    systemd-logind: Removed session 1345.: 1 Time(s)
    systemd-logind: Removed session 1355.: 1 Time(s)
    systemd-logind: Removed session 1356.: 1 Time(s)
    systemd-logind: Removed session 1357.: 1 Time(s)
    systemd-logind: Removed session 1358.: 1 Time(s)
    systemd-logind: Removed session 1359.: 1 Time(s)
    systemd-logind: Removed session 1360.: 1 Time(s)
    systemd-logind: Removed session 1361.: 1 Time(s)
    systemd-logind: Removed session 1368.: 1 Time(s)
    systemd-logind: Removed session 1369.: 1 Time(s)
    systemd-logind: Removed session 1370.: 1 Time(s)
    systemd-logind: Removed session 1371.: 1 Time(s)
    systemd-logind: Removed session 1372.: 1 Time(s)
Comment 1 Fedora Update System 2012-05-04 04:04:15 EDT
logwatch-7.4.0-11.20120229svn100.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/logwatch-7.4.0-11.20120229svn100.fc17
Comment 2 Harald Reindl 2012-05-04 04:38:27 EDT
thank you for the patches, especially dovecot (this one works amazing)

i rebuilt the src.rpm for F16 and can not confirm the
"Add systemd-logind patch (rhbz#812880)"

can we have this fixed for F16 in a way that it also catches
messages by a rsyslog rule like below? the problem is without
this rule on machines with many cronjobs all the day you
would get /var/log/messages spammed
_________________

/etc/rsyslog.conf:

# Log systemd-logind to /var/log/secure
:programname, isequal, "systemd-logind"             /var/log/secure
:programname, isequal, "systemd-logind" ~



 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    Rootkit Hunter: Rootkit hunter check started (version 1.3.8): 1 Time(s)
    Rootkit Hunter: Scanning took 2 minutes and 34 seconds: 1 Time(s)
    systemd-logind: New session 1391 of user root.: 1 Time(s)
    systemd-logind: New session 1418 of user root.: 1 Time(s)
    systemd-logind: New session 1419 of user root.: 1 Time(s)
    systemd-logind: New session 1420 of user root.: 1 Time(s)
    systemd-logind: New session 1421 of user root.: 1 Time(s)
    systemd-logind: New session 1441 of user root.: 1 Time(s)
    systemd-logind: New session 1453 of user root.: 1 Time(s)
    systemd-logind: New session 1454 of user root.: 1 Time(s)
    systemd-logind: New session 1455 of user root.: 1 Time(s)
    systemd-logind: New session 1456 of user root.: 1 Time(s)
    systemd-logind: New session 1457 of user root.: 1 Time(s)
    systemd-logind: New session 1458 of user root.: 1 Time(s)
    systemd-logind: New session 1459 of user root.: 1 Time(s)
    systemd-logind: New session 1460 of user root.: 1 Time(s)
    systemd-logind: New session 1461 of user root.: 1 Time(s)
    systemd-logind: New session 1462 of user root.: 1 Time(s)
    systemd-logind: New session 1463 of user root.: 1 Time(s)
    systemd-logind: New session 1464 of user root.: 1 Time(s)
    systemd-logind: New session 1465 of user root.: 1 Time(s)
    systemd-logind: New session 1466 of user root.: 1 Time(s)
    systemd-logind: New session 1467 of user root.: 1 Time(s)
    systemd-logind: New session 1468 of user root.: 1 Time(s)
    systemd-logind: New session 1469 of user root.: 1 Time(s)
    systemd-logind: New session 1470 of user root.: 1 Time(s)
    systemd-logind: New session 1471 of user root.: 1 Time(s)
    systemd-logind: New session 1472 of user root.: 1 Time(s)
    systemd-logind: New session 1473 of user root.: 1 Time(s)
    systemd-logind: New session 1476 of user root.: 1 Time(s)
    systemd-logind: New session 1479 of user root.: 1 Time(s)
    systemd-logind: New session 1480 of user root.: 1 Time(s)
    systemd-logind: New session 1482 of user root.: 1 Time(s)
    systemd-logind: New session 1487 of user root.: 1 Time(s)
    systemd-logind: New session 1488 of user root.: 1 Time(s)
    systemd-logind: New session 1490 of user root.: 1 Time(s)
    systemd-logind: New session 1491 of user root.: 1 Time(s)
    systemd-logind: New session 1492 of user root.: 1 Time(s)
    systemd-logind: New session 1493 of user root.: 1 Time(s)
    systemd-logind: New session 1496 of user root.: 1 Time(s)
    systemd-logind: New session 1497 of user root.: 1 Time(s)
    systemd-logind: New session 1500 of user root.: 1 Time(s)
    systemd-logind: New session 1501 of user root.: 1 Time(s)
    systemd-logind: New session 1503 of user root.: 1 Time(s)
    systemd-logind: New session 1506 of user root.: 1 Time(s)
    systemd-logind: New session 1508 of user root.: 1 Time(s)
    systemd-logind: New session 1515 of user root.: 1 Time(s)
    systemd-logind: New session 1517 of user root.: 1 Time(s)
    systemd-logind: New session 1518 of user root.: 1 Time(s)
    systemd-logind: New session 1523 of user root.: 1 Time(s)
    systemd-logind: New session 1527 of user root.: 1 Time(s)
    systemd-logind: New session 1531 of user root.: 1 Time(s)
    systemd-logind: New session 1539 of user root.: 1 Time(s)
    systemd-logind: New session 1540 of user root.: 1 Time(s)
    systemd-logind: New session 1541 of user root.: 1 Time(s)
    systemd-logind: Removed session 1391.: 1 Time(s)
    systemd-logind: Removed session 1418.: 1 Time(s)
    systemd-logind: Removed session 1419.: 1 Time(s)
    systemd-logind: Removed session 1420.: 1 Time(s)
    systemd-logind: Removed session 1421.: 1 Time(s)
    systemd-logind: Removed session 1441.: 1 Time(s)
    systemd-logind: Removed session 1453.: 1 Time(s)
    systemd-logind: Removed session 1454.: 1 Time(s)
    systemd-logind: Removed session 1455.: 1 Time(s)
    systemd-logind: Removed session 1456.: 1 Time(s)
    systemd-logind: Removed session 1457.: 1 Time(s)
    systemd-logind: Removed session 1458.: 1 Time(s)
    systemd-logind: Removed session 1459.: 1 Time(s)
    systemd-logind: Removed session 1460.: 1 Time(s)
    systemd-logind: Removed session 1461.: 1 Time(s)
    systemd-logind: Removed session 1462.: 1 Time(s)
    systemd-logind: Removed session 1463.: 1 Time(s)
    systemd-logind: Removed session 1464.: 1 Time(s)
    systemd-logind: Removed session 1465.: 1 Time(s)
    systemd-logind: Removed session 1466.: 1 Time(s)
    systemd-logind: Removed session 1467.: 1 Time(s)
    systemd-logind: Removed session 1468.: 1 Time(s)
    systemd-logind: Removed session 1469.: 1 Time(s)
    systemd-logind: Removed session 1470.: 1 Time(s)
    systemd-logind: Removed session 1471.: 1 Time(s)
    systemd-logind: Removed session 1472.: 1 Time(s)
    systemd-logind: Removed session 1473.: 1 Time(s)
    systemd-logind: Removed session 1476.: 1 Time(s)
    systemd-logind: Removed session 1479.: 1 Time(s)
    systemd-logind: Removed session 1480.: 1 Time(s)
    systemd-logind: Removed session 1482.: 1 Time(s)
    systemd-logind: Removed session 1487.: 1 Time(s)
    systemd-logind: Removed session 1488.: 1 Time(s)
    systemd-logind: Removed session 1490.: 1 Time(s)
    systemd-logind: Removed session 1491.: 1 Time(s)
    systemd-logind: Removed session 1492.: 1 Time(s)
    systemd-logind: Removed session 1493.: 1 Time(s)
    systemd-logind: Removed session 1496.: 1 Time(s)
    systemd-logind: Removed session 1497.: 1 Time(s)
    systemd-logind: Removed session 1500.: 1 Time(s)
    systemd-logind: Removed session 1501.: 1 Time(s)
    systemd-logind: Removed session 1503.: 1 Time(s)
    systemd-logind: Removed session 1506.: 1 Time(s)
    systemd-logind: Removed session 1508.: 1 Time(s)
    systemd-logind: Removed session 1515.: 1 Time(s)
    systemd-logind: Removed session 1517.: 1 Time(s)
    systemd-logind: Removed session 1518.: 1 Time(s)
    systemd-logind: Removed session 1523.: 1 Time(s)
    systemd-logind: Removed session 1527.: 1 Time(s)
    systemd-logind: Removed session 1531.: 1 Time(s)
    systemd-logind: Removed session 1539.: 1 Time(s)
    systemd-logind: Removed session 1540.: 1 Time(s)
    systemd-logind: Removed session 1541.: 1 Time(s)
 
 ---------------------- Connections (secure-log) End -------------------------
Comment 3 Jan Synacek 2012-05-04 06:14:17 EDT
Can you please provide a few lines containing 'systemd-logind' directly from the secure log? It seems that I've been testing it on a wrong sample..
Comment 4 Harald Reindl 2012-05-04 06:20:39 EDT
sorry - i forgot :-(

May  4 02:20:07 localhost systemd-logind[27143]: New session 39966 of user root.
May  4 02:20:08 localhost systemd-logind[27143]: Removed session 39966.
May  4 05:30:02 localhost systemd-logind[27143]: New session 40613 of user root.
May  4 05:30:03 localhost systemd-logind[27143]: Removed session 40613.
May  4 05:30:03 localhost systemd-logind[27143]: New session 40614 of user root.
May  4 05:33:12 localhost systemd-logind[27143]: Removed session 40614.
May  4 05:33:13 localhost systemd-logind[27143]: New session 40622 of user root.
May  4 05:33:14 localhost systemd-logind[27143]: Removed session 40622.
May  4 05:33:14 localhost systemd-logind[27143]: New session 40623 of user root.
May  4 05:33:14 localhost systemd-logind[27143]: Removed session 40623.
May  4 05:33:16 localhost systemd-logind[27143]: New session 40624 of user root.
May  4 05:33:42 localhost systemd-logind[27143]: Removed session 40624.
May  4 05:36:56 localhost systemd-logind[27143]: New session 40637 of user root.
May  4 05:37:01 localhost systemd-logind[27143]: Removed session 40637.
May  4 05:37:01 localhost systemd-logind[27143]: New session 40640 of user root.
May  4 05:37:01 localhost systemd-logind[27143]: Removed session 40640.
May  4 05:37:02 localhost systemd-logind[27143]: New session 40641 of user root.
May  4 05:37:02 localhost systemd-logind[27143]: Removed session 40641.
May  4 05:37:02 localhost systemd-logind[27143]: New session 40642 of user root.
May  4 05:37:03 localhost systemd-logind[27143]: Removed session 40642.
May  4 06:10:01 localhost systemd-logind[27143]: New session 40751 of user root.
May  4 06:10:01 localhost systemd-logind[27143]: New session 40752 of user root.
May  4 06:10:01 localhost systemd-logind[27143]: Removed session 40751.
May  4 06:10:05 localhost systemd-logind[27143]: Removed session 40752.
May  4 10:24:52 localhost systemd-logind[27143]: New session 41617 of user root.
May  4 10:24:52 localhost systemd-logind[27143]: Removed session 41617.
May  4 10:25:14 localhost systemd-logind[27143]: New session 41623 of user root.
May  4 10:25:15 localhost systemd-logind[27143]: Removed session 41623.
May  4 10:31:20 localhost systemd-logind[27143]: New session 41644 of user root.
May  4 10:31:26 localhost systemd-logind[27143]: Removed session 41644.
May  4 12:09:05 localhost systemd-logind[27143]: New session 41975 of user root.
May  4 12:09:07 localhost systemd-logind[27143]: Removed session 41975.
May  4 12:09:31 localhost systemd-logind[27143]: New session 41976 of user root.
May  4 12:09:32 localhost systemd-logind[27143]: Removed session 41976.
May  4 12:09:42 localhost systemd-logind[27143]: New session 41977 of user root.
May  4 12:10:25 localhost systemd-logind[27143]: Removed session 41977.
May  4 12:18:00 localhost systemd-logind[27143]: New session 42007 of user root.
Comment 5 Jan Synacek 2012-05-04 07:07:03 EDT
http://koji.fedoraproject.org/koji/taskinfo?taskID=4052376

Should work fine now.
Comment 6 Harald Reindl 2012-05-04 07:24:54 EDT
wonderful!

they are completely away, a general count of cron-sessions per user would be nice, but who cares - before systemd-logind it did also not exist :-)
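
The per-user session count wished for in Comment 6, as an added example (not part of this bug thread and not the logwatch patch): it parses the raw secure-log format quoted in Comment 4, counts sessions opened per user and reports sessions with no matching "Removed" line, so the audit signal is summarized rather than dropped. The sample lines, the `backup` user and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the secure-log format quoted in Comment 4; the
# "backup" user and the sshd line are made up for illustration.
SAMPLE = """\
May  4 05:30:02 localhost systemd-logind[27143]: New session 40613 of user root.
May  4 05:30:03 localhost systemd-logind[27143]: Removed session 40613.
May  4 06:10:01 localhost systemd-logind[27143]: New session 40751 of user root.
May  4 06:10:01 localhost systemd-logind[27143]: New session 40752 of user root.
May  4 06:10:01 localhost systemd-logind[27143]: Removed session 40751.
May  4 06:10:05 localhost systemd-logind[27143]: Removed session 40752.
May  4 12:18:00 localhost systemd-logind[27143]: New session 42007 of user root.
May  4 12:19:30 localhost systemd-logind[27143]: New session 42011 of user backup.
May  4 12:19:31 localhost systemd-logind[27143]: Removed session 42011.
May  4 12:20:00 localhost sshd[901]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2
"""

LOGIND = re.compile(r"\ssystemd-logind(?:\[\d+\])?: (?P<msg>.*)$")
NEW = re.compile(r"^New session (?P<sid>\S+) of user (?P<user>\S+?)\.$")
REMOVED = re.compile(r"^Removed session (?P<sid>\S+?)\.$")

def summarize(lines):
    """Collapse logind session lines into per-user counts.
    Returns (opened, still_open, other): sessions opened per user, sessions
    with no matching "Removed" line (session id -> user), and every line
    that is not a recognised logind session message, passed through as-is.
    """
    opened, still_open, other = Counter(), {}, []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        m = LOGIND.search(line)
        msg = m.group("msg") if m else ""
        new, removed = NEW.match(msg), REMOVED.match(msg)
        if new:
            opened[new["user"]] += 1
            still_open[new["sid"]] = new["user"]
        elif removed:
            # A session opened before the log window has no entry; ignore it.
            still_open.pop(removed["sid"], None)
        else:
            other.append(line)
    return opened, still_open, other


if __name__ == "__main__":
    opened, still_open, other = summarize(SAMPLE.splitlines())
    for user, count in sorted(opened.items()):
        print(f"systemd-logind: {count} session(s) opened for user {user}")
    for sid, user in still_open.items():
        print(f"systemd-logind: session {sid} of user {user} still open")
    print(f"{len(other)} other line(s) left for the normal report")
```
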
Comment 7 Fedora Update System 2012-05-09 04:26:38 EDT
logwatch-7.4.0-12.20120229svn100.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/logwatch-7.4.0-12.20120229svn100.fc16
Comment 8 Fedora Update System 2012-05-10 10:16:43 EDT
Package logwatch-7.4.0-12.20120229svn100.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing logwatch-7.4.0-12.20120229svn100.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7541/logwatch-7.4.0-12.20120229svn100.fc16
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2012-05-19 02:59:05 EDT
logwatch-7.4.0-12.20120229svn100.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-05-26 03:03:39 EDT
logwatch-7.4.0-11.20120229svn100.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.