How to disable/hide these logs?
# journalctl | grep sudo
...
jan 25 10:35:49 majestic sudo[3934]: pam_unix(sudo:session): session opened for user root by (uid=0)
jan 25 10:36:19 majestic sudo[3934]: pam_unix(sudo:session): session closed for user root
...
and this:
# journalctl | grep cron
...
jan 25 10:30:01 majestic crond[3639]: pam_unix(crond:session): session opened for user lucas by (uid=0)
jan 25 10:30:01 majestic crond[3638]: pam_unix(crond:session): session opened for user lucas by (uid=0)
jan 25 10:30:01 majestic CROND[3641]: (lucas) CMD (sh -c "~/.local/bin/git-cron" > /dev/null 2>&1)
jan 25 10:30:01 majestic CROND[3638]: pam_unix(crond:session): session closed for user lucas
jan 25 10:30:12 majestic CROND[3639]: pam_unix(crond:session): session closed for user lucas
...
Thank you all.
Last edited by sistematico (2018-01-26 01:36:10)
Offline
Before I spoonfeed you the link to the man page section that describes how this can be achieved, I would like to be convinced that you have a good reason to do so. Because log messages are a useful tool for troubleshooting—if something goes wrong and you deliberately disabled logging for services like sudo, you (or the people you're asking for help) are not going to be happy.
Offline
I second everything in the above post. But I'd also point out you haven't really said what you want to disable. You want to disable them ever being added to the logs at all? That's a horrible idea.
If you don't want to see them, well you didn't really give us nearly enough information, so working with just what you actually told us, the direct answer for disabling the printing of those lines is this:
journalctl | grep -v sudo
journalctl | grep -v cron
But that is certainly not what you want. Presumably you want to see most sudo/cron log entries, you just want to filter some out, so do just that: filter out what you don't need to see.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
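Added example, not part of any post in this thread: a view-time filter in the spirit of the `grep -v` suggestion above, which hides only the pam_unix "session opened/closed" lines and leaves every other sudo and cron entry visible. The function names and the sample input (modelled on the excerpts in the thread, plus one constructed authentication failure) are assumptions.

```shell
#!/bin/sh
# View-time filter for default `journalctl` text output: hides only the
# pam_unix "session opened/closed" lines. Nothing is removed from the journal.

# Constructed sample: five lines modelled on the excerpts in the thread plus
# one invented authentication failure that must stay visible.
sample_journal() {
cat <<'EOF'
jan 25 10:30:01 majestic crond[3639]: pam_unix(crond:session): session opened for user lucas by (uid=0)
jan 25 10:30:01 majestic CROND[3641]: (lucas) CMD (sh -c "~/.local/bin/git-cron" > /dev/null 2>&1)
jan 25 10:30:12 majestic CROND[3639]: pam_unix(crond:session): session closed for user lucas
jan 25 10:35:49 majestic sudo[3934]: pam_unix(sudo:session): session opened for user root by (uid=0)
jan 25 10:36:19 majestic sudo[3934]: pam_unix(sudo:session): session closed for user root
jan 25 10:40:02 majestic sudo[4012]: pam_unix(sudo:auth): authentication failure; logname=lucas uid=1000 euid=0 tty=/dev/pts/0 ruser=lucas rhost=  user=lucas
EOF
}

# hide_session_noise [pam-service ...]
# Reads journal text on stdin. Without arguments the session lines of every
# PAM service are hidden; with arguments only those of the named services.
# The number of hidden lines is reported on stderr so the gap is never silent.
hide_session_noise() {
    awk -v services="$*" '
    BEGIN { n = split(services, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
    {
        if (match($0, /pam_unix\([^:()]+:session\): session (opened|closed) for user /)) {
            svc = substr($0, RSTART + 9)   # text after "pam_unix("
            sub(/:.*/, "", svc)            # keep the service name only
            if (n == 0 || (svc in want)) { hidden++; next }
        }
        print
    }
    END { printf("%d session line(s) hidden\n", hidden + 0) > "/dev/stderr" }
    '
}

# Real use (journalctl -b = current boot): journalctl -b | hide_session_noise crond
sample_journal | hide_session_noise sudo crond
```

Because the filter only runs on the output, the full record stays in the journal for troubleshooting and review.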
Yeah, that clarified things, like a thick smear of mud.
Ok then. Use the commands in my previous post and mark your thread as solved.
Offline
Yeah, that clarified things, like a thick smear of mud.
Ok then. Use the commands in my previous post and mark your thread as solved.
Not solved, I don't want to see these logs.
It is spamming journalctl.
Last edited by sistematico (2018-01-26 01:42:59)
Offline
this is not working for me...
Please read this sticky. We can't help you with PAM configuration issues if you don't tell us what you tried and how exactly (with logs et al) it went wrong.
Also, I believe this question hasn't been answered (and the link not been read) yet, so I refuse to give you further clues:
Offline
sistematico wrote: this is not working for me...
Please read this sticky. We can't help you with PAM configuration issues if you don't tell us what you tried and how exactly (with logs et al) it went wrong.
Also, I believe this question hasn't been answered (and the link not been read) yet, so I refuse to give you further clues:
ayekat wrote:
Nothing is wrong, my goal is to not log successful login attempts.
Offline
I don't want to see these logs.
my goal is to not log successful login attempts.
These are not the same, which is why I asked for clarification early on. If you don't want to see them, don't look at them. See `man journalctl`, specifically the -p flag:
journalctl -p 5 | grep sudo
or just
journalctl -p 5 /bin/sudo
If you don't want them to be entered in the log in the first place, I can't help, but I will reiterate that there is virtually no reason to prevent this information from being logged; I think it's just a bad idea to try.
Last edited by Trilby (2018-02-13 14:57:55)
Offline
my goal is to not log successful login attempts.
...
Not solved, I don't want to see these logs.
It is spamming journalctl.
You're kinda self-contradicting...
man journald.conf
especially look at MaxLevel* stuff - this will however impact *everything*
If you want to conceal logins for some probably shady reason, you'll have to be a bit more forthcoming with your intentions.
Offline
You're kinda self-contradicting...
But it is not solved.
especially look at MaxLevel* stuff - this will however impact *everything*
MaxLevel doesn't suppress/disable/hide/ignore successful logins.
If you want to conceal logins for some probably shady reason, you'll have to be a bit more forthcoming with your intentions.
No special reason, I just wonder if this is possible, and I believe it is (ignore successful logins from journalctl command).
Offline
But it is not solved.
How does the shifting of your goals relate to their status?
Oh, yes ...
MaxLevel doesn't suppress/disable/hide/ignore successful logins.
"MaxLevel" is no key at all and yes, it does.
RTFM.
I know you didn't, because you would have either been more precise on what you tried or asked back.
So RTFM.
Offline
No, of course not "only for sudo" - the message is sent by pam_unix anyway.
This brings us back to your intentions, in particular the subject "Disable journalctl success logs"
So try "man 8 pam_unix" then ...
And NO, it will not only affect sudo. The message is from PAM, not sudo.
If you need a more flexible log, use rsyslog.
Offline