strange repeating pattern in log file

4 posts / 0 new
Topic locked
Last post
#1 Sun, 04/07/2013 - 11:57
allardsmol

strange repeating pattern in log file

Hello,

I have a strange repeating pattern in my logfiles. In fact the logfile is full of it: Here is a little part of it:

Apr 7 18:25:02 host1 su[5852]: + ??? root:postgres Apr 7 18:25:02 host1 su[5852]: pam_unix(su:session): session opened for user postgres by (uid=0) Apr 7 18:25:02 host1 su[5852]: pam_unix(su:session): session closed for user postgres Apr 7 18:25:02 host1 CRON[5831]: pam_unix(cron:session): session closed for user root Apr 7 18:30:01 host1 CRON[6107]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 7 18:30:01 host1 CRON[6106]: pam_unix(cron:session): session opened for user www-data by (uid=0) Apr 7 18:30:01 host1 CRON[6106]: pam_unix(cron:session): session closed for user www-data Apr 7 18:30:01 host1 su[6161]: Successful su for postgres by root Apr 7 18:30:01 host1 su[6161]: + ??? root:postgres Apr 7 18:30:01 host1 su[6161]: pam_unix(su:session): session opened for user postgres by (uid=0) Apr 7 18:30:01 host1 su[6161]: pam_unix(su:session): session closed for user postgres Apr 7 18:30:01 host1 CRON[6107]: pam_unix(cron:session): session closed for user root Apr 7 18:35:01 host1 CRON[6407]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 7 18:35:02 host1 su[6442]: Successful su for postgres by root Apr 7 18:35:02 host1 su[6442]: + ??? root:postgres Apr 7 18:35:02 host1 su[6442]: pam_unix(su:session): session opened for user postgres by (uid=0) Apr 7 18:35:02 host1 su[6442]: pam_unix(su:session): session closed for user postgres Apr 7 18:35:02 host1 CRON[6407]: pam_unix(cron:session): session closed for user root Apr 7 18:39:01 host1 CRON[6577]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 7 18:39:01 host1 CRON[6577]: pam_unix(cron:session): session closed for user root Apr 7 18:40:01 host1 CRON[7563]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 7 18:40:01 host1 CRON[7562]: pam_unix(cron:session): session opened for user www-data by (uid=0) Apr 7 18:40:01 host1 CRON[7562]: pam_unix(cron:session): session closed for user www-data Apr 7 18:40:02 host1 su[7602]: Successful su for postgres by root Apr 7 18:40:02 host1 su[7602]: + ??? root:postgres Apr 7 18:40:02 host1 su[7602]: pam_unix(su:session): session opened for user postgres by (uid=0) Apr 7 18:40:02 host1 su[7602]: pam_unix(su:session): session closed for user postgres Apr 7 18:40:02 host1 CRON[7563]: pam_unix(cron:session): session closed for user root Apr 7 18:40:47 host1 su[7654]: Successful su for postgres by root Apr 7 18:40:47 host1 su[7654]: + ??? root:postgres

What can be the problem here?

Thanks in advance!

Mon, 04/08/2013 - 09:04
andreychek

Howdy,

That's all normal... that's part of the Webmin/Virtualmin monitoring -- it's just performing a test every N minutes.

-Eric

Mon, 04/08/2013 - 16:08
allardsmol

Thanks a lot Eric! Amazing what you do for this forum!

Tue, 06/23/2015 - 08:41
Purple Edge

I'm seeing the same pattern in my var/log/secure...

Jun 23 18:10:03 host1 su: pam_unix(su:session): session opened for user postgres by (uid=0)
Jun 23 18:10:03 host1 su: pam_unix(su:session): session closed for user postgres
Jun 23 18:15:02 host1 su: pam_unix(su:session): session opened for user postgres by (uid=0)
Jun 23 18:15:02 host1 su: pam_unix(su:session): session closed for user postgres
Jun 23 18:20:02 host1 su: pam_unix(su:session): session opened for user postgres by (uid=0)
Jun 23 18:20:02 host1 su: pam_unix(su:session): session closed for user postgres
Jun 23 18:25:02 host1 su: pam_unix(su:session): session opened for user postgres by (uid=0)
Jun 23 18:25:02 host1 su: pam_unix(su:session): session closed for user postgres

I don't have PostGres running, what is the purpose of this check, and where is it being called every 5 minutes?

Thanks

Topic locked