In /var/log/secure, I see many messages such as:
May 25 23:25:02 d0 su: pam_unix(su:session): session opened for user postgres by (uid=0) May 25 23:25:02 d0 su: pam_unix(su:session): session closed for user postgres May 25 23:26:04 d0 su: pam_unix(su:session): session opened for user postgres by (uid=0) May 25 23:26:04 d0 su: pam_unix(su:session): session closed for user postgres May 25 23:30:02 d0 su: pam_unix(su:session): session opened for user postgres by (uid=0) May 25 23:30:02 d0 su: pam_unix(su:session): session closed for user postgres May 25 23:31:04 d0 su: pam_unix(su:session): session opened for user postgres by (uid=0) May 25 23:31:04 d0 su: pam_unix(su:session): session closed for user postgresAre these by way of Virtualmin? Is there a way to suppress them from being logged if they are benign?
They are Virtualmin's PostgreSQL status checks. If you aren't using postgres, you could simply disable postgres support in Virtualmin, which would disable the check.
You could configure pam to not log postgres logins, but that'd lose potentially useful information. There's no way for Virtualmin to suppress it, as Virtualmin actually has to login to postgres to know if it's working, and it's not Virtualmin doing the logging.
I generally don't spend a lot of time with /var/log/secure directly. I pay more attention to the logwatch report each day, which summarizes things for me.
--
Check out the forum guidelines!
Hey Joe,
Is Logwatch (or similar) built into Virtualmin - or more likely Webmin - somewhere?
If it is, I haven't yet managed to find it. :)
R.
Logwatch is a Linux tool for parsing various system logs, and notifying you about anomalies.
It's generally enabled by default in RHEL and CentOS systems, and will send a nightly report to the root user.
It's readily available for Debian and Ubuntu just by installing the "logwatch" package.
-Eric