# Prevent cron from flooding messages

## cz0

Hi, folks.

I just updated my system and made a revision to my syslog-ng config. Now I have unwanted events from cron executing stuff allover the log. Since I have often tasks, it became very difficult to find anything valuable in log. Here is my syslog-ng.conf

```

#

# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/show_bug.cgi?id=426814

@include "scl.conf"

options {

        threaded(yes);

        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line

        # to the file every 10 minutes.  That's pretty ugly after a while.

        # Change it to every 12 hours so you get a nice daily update of

        # how many messages syslog-ng missed (0).

        stats_freq(43200);

        # The default action of syslog-ng is to log a MARK line

        # to the file every 20 minutes.  That's seems high for most

        # people so turn it down to once an hour.  Set it to zero

        # if you don't want the functionality at all.

        mark_freq(3600);

};

source src

{

    system();

    internal();

};

filter dhcpd { program("dhcpd"); };

filter ntpd { program("ntpd"); };

filter hostapd { program("hostapd"); };

filter messages

{

    not program("dhcpd")

    and not program("ntpd")

    and not program("hostapd")

#    and (facility(cron) and level(warn..emerg))

};

destination messages { file("/var/log/messages"); };

destination console_all { file("/dev/tty12"); };

destination dhcpd { file("/var/log/dhcpd.log"); };

destination ntpd { file("/var/log/ntpd.log"); };

destination hostapd { file("/var/log/hostapd.log"); };

log { source(src); filter(messages); destination(messages); };

log { source(src); filter(dhcpd); destination(dhcpd); };

log { source(src); filter(ntpd); destination(ntpd); };

log { source(src); filter(hostapd); destination(hostapd); };

log { source(src); destination(console_all); };

```

The crontab looks like this:

```

# for cronie

# $Id$

# Global variables

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

HOME=/

# check scripts in cron.hourly, cron.daily, cron.weekly and cron.monthly

# if anacron is not present

59  *  * * *    root    [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.hourly

9  3  * * *     root    [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.daily

19 4  * * 6     root    [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.weekly

29 5  1 * *     root    [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.monthly

*/10  *  * * *  root    [ ! -x /etc/cron.hourly/0anacron ] && { test -x /usr/sbin/run-crons && /usr/sbin/run-crons ; }

*/2   *  * * *  root    /root/rrd/rrd-ping-yandex.sh >/dev/null 2>&1

*/2   *  * * *  root    /root/rrd/rrd-ping-ptp.sh >/dev/null 2>&1

*/5   *  * * *  root    /root/rrd/graph-ping.s >/dev/null 2>&1

```

And here is some lines from /var/log/messages

```

Jan  5 11:20:01 cux CROND[23079]: (root) CMD ([ ! -x /etc/cron.hourly/0anacron ] && { test -x /usr/sbin/run-crons && /usr/sbin/run-crons ; })

Jan  5 11:22:01 cux CROND[23102]: (root) CMD (   /root/rrd/rrd-ping-ptp.sh >/dev/null 2>&1)

Jan  5 11:22:01 cux CROND[23103]: (root) CMD (   /root/rrd/rrd-ping-yandex.sh >/dev/null 2>&1)

Jan  5 11:24:01 cux CROND[23124]: (root) CMD (   /root/rrd/rrd-ping-ptp.sh >/dev/null 2>&1)

Jan  5 11:24:01 cux CROND[23125]: (root) CMD (   /root/rrd/rrd-ping-yandex.sh >/dev/null 2>&1)

Jan  5 11:25:01 cux CROND[23145]: (root) CMD (   /root/rrd/graph-ping.s >/dev/null 2>&1)

Jan  5 11:26:01 cux CROND[23154]: (root) CMD (   /root/rrd/rrd-ping-ptp.sh >/dev/null 2>&1)

Jan  5 11:26:01 cux CROND[23155]: (root) CMD (   /root/rrd/rrd-ping-yandex.sh >/dev/null 2>&1)

```

So. I want to prevent logging of successful lunches of crontab events, but failed even specifying filter for messages.

I'm using cronie and had vixie-cron before - all is same. I know there are crons, that allow to specify the loglevel directly, but I don't know exactly.

Any ideas?

----------

## khayyam

cz0 ... I have the following:

```
filter f_messages { level(info..warn)

   and not facility(auth, authpriv, mail, news, cron); };

[...]

destination messages { file("/var/log/messages"); };

[...]

log { source(src); filter(f_messages); destination(messages); };
```

... the key part of which is the 'not facility' ... so, you can use a similar method to that provided in your syslog-ng to filter ('not') dhcpd, ntpd, etc, (untested).

```
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/show_bug.cgi?id=426814

@include "scl.conf"

options {

        threaded(yes);

        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line

        # to the file every 10 minutes.  That's pretty ugly after a while.

        # Change it to every 12 hours so you get a nice daily update of

        # how many messages syslog-ng missed (0).

        stats_freq(43200);

        # The default action of syslog-ng is to log a MARK line

        # to the file every 20 minutes.  That's seems high for most

        # people so turn it down to once an hour.  Set it to zero

        # if you don't want the functionality at all.

        mark_freq(3600);

};

source src

{

    system();

    internal();

};

filter dhcpd { program("dhcpd"); };

filter ntpd { program("ntpd"); };

filter hostapd { program("hostapd"); };

filter cron { program("cronie"); };

filter messages

{

    not program("dhcpd")

    and not program("ntpd")

    and not program("hostapd")

    and not program("cronie")

#    and (facility(cron) and level(warn..emerg))

};

destination messages { file("/var/log/messages"); };

destination console_all { file("/dev/tty12"); };

destination dhcpd { file("/var/log/dhcpd.log"); };

destination ntpd { file("/var/log/ntpd.log"); };

destination hostapd { file("/var/log/hostapd.log"); };

destination cron { file("/var/log/cron.log"); };

log { source(src); filter(messages); destination(messages); };

log { source(src); filter(dhcpd); destination(dhcpd); };

log { source(src); filter(ntpd); destination(ntpd); };

log { source(src); filter(hostapd); destination(hostapd); };

log { source(src); destination(console_all); };
```

HTH & best ... khay

----------

## cz0

 *khayyam wrote:*   

> cz0 ... I have the following:
> 
> ```
> filter f_messages { level(info..warn)
> 
> ...

 

Well, it is half of the story, actually. I don't want to mute cron completely, I still want to see errors if something goes wrong to en executed task (non zero return code). AFAIR the "not facility(cron)" will drop all messages from cron.

----------

## khayyam

 *cz0 wrote:*   

> Well, it is half of the story, actually. I don't want to mute cron completely, I still want to see errors if something goes wrong to en executed task (non zero return code). AFAIR the "not facility(cron)" will drop all messages from cron.

 

cz0 ... actually, I'm logging cron to its own logfile, but nevermind. In your case I'd assume the level would be 'notice' or 'warn', probably the latter (basically, not 'info'), so, you could do something like the following for example:

```
filter cron { program("cronie"); level(warn) ; };
```

HTH & best ... khay

----------

## cz0

It seems that this not a syslog-ng problem. It looks like cronie doesn't return proper exit code of the job. It ether show all, or show nothing regardless the result of the job. I have a couple of scripts: one always return 0 and another non-zero code (due to simulated fail). And the both appear and disappear from log at the same time depending if I specify level (info..emerg) or level(warn..emerg). Seems like all the diagnostics from cronie passed to the syslog at level info.

----------

## toralf

cron itself just returns whether a job could be started or not AFAIK - the job itself is responsible for its exits code independently.

----------

## cz0

It seems to be there are some implementations that handle return codes rather then simply command path and output:

```

  # Or, to log standard messages, plus jobs with exit status != 0:

  # EXTRA_OPTS='-L 5' 

  #

  # For quick reference, the currently available log levels are:

  #   0   no logging (errors are logged regardless)

  #   1   log start of jobs

  #   2   log end of jobs

  #   4   log jobs with exit status != 0

  #   8   log the process identifier of child process (in all logs)

  #

  EXTRA_OPTS="-L 0"

```

Mentioned here. But I wasn't able to figure out the particular name of the cron.

----------

## khayyam

 *cz0 wrote:*   

> Mentioned here. But I wasn't able to figure out the particular name of the cron.

 

cz0 ... as the subject is debian squeeze ... its probably sys-process/bcron.

best ... khay

----------

## cz0

 *khayyam wrote:*   

> 
> 
> cz0 ... as the subject is debian squeeze ... its probably sys-process/bcron.
> 
> 

 

Unfortunately not the case. I emerged bcron and went through all it's executables and non of them providing that option.

----------

## khayyam

 *cz0 wrote:*   

>  *khayyam wrote:*   cz0 ... as the subject is debian squeeze ... its probably sys-process/bcron. 
> 
> Unfortunately not the case. I emerged bcron and went through all it's executables and non of them providing that option.

 

cz0 ... well, that is what the link says is the case for squeeze, "Packages providing cron: bcron-run", and it says the same for wheezy, jessie, stretch, and sid. Though from this link it seems 'bcron' and 'bcron-run' are different packages ... I'd suggest looking at the sources.

best ... khay

----------

## cz0

I installed Debian Jessie in VM to have a look and it appear to be a Vixie-cron 3.0. Well, at least man page came from a Vixie cron and binary file /usr/sbin/cron mentions Vixie. But Debian version accepts option -L, while Gentoo doesn't. Have no idea.

----------

## khayyam

 *cz0 wrote:*   

> I installed Debian Jessie in VM to have a look and it appear to be a Vixie-cron 3.0. Well, at least man page came from a Vixie cron and binary file /usr/sbin/cron mentions Vixie. But Debian version accepts option -L, while Gentoo doesn't. Have no idea.

 

cz0 ... well, its debian ... which basically maintains patches for everything ... that is why I said look at the sources, specifically the patch(es) applied.

```
+ * Add option to control logging (-L) with patch provided by Steve Fosdick.

+  This makes it possible to log cron job finishing if you use -L 2

+  (Closes: #271747, #318247)
```

best ... khay

----------

## cz0

 *khayyam wrote:*   

> 
> 
> cz0 ... well, its debian ... which basically maintains patches for everything ... that is why I said look at the sources, specifically the patch(es) applied.
> 
> ```
> ...

 

Oh... thanks! That prevented me from going through all cron implementations available. Probably, I write an ebuild with this patch and see what happen. The only thing that makes me worry is that Debian uses version 3.0, while Gentoo 4.1. At least, it's a good point to start with, I think I will be able to adopt the patch.

----------

## cz0

Well, that patch itself seems to be mixed with dozens of other patches and it will be difficult to get it out. I wrote to the author.

----------

## Tony0945

Examples to only log error messages, amongst others:

```
login as: root

Using keyboard-interactive authentication.

Password:

gentoo ~ # crontab -l

# DO NOT EDIT THIS FILE - edit the master and reinstall.

# (/tmp/crontab.XXXX46GFQd installed on Mon Jul  6 09:29:17 2015)

# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)

10 0 * * *    /usr/local/sbin/nightly_sync  2>>/var/log/messages

24 3 * * sun  /usr/local/bin/grabit 2>&1  >>/var/log/messages

0 18 * * mon  /usr/local/bin/getquotes >/dev/null 2>>/var/log/messages

0 18 * * wed  /usr/local/bin/getquotes >/dev/null 2>>/var/log/messages

0 18 * * fri  /usr/local/bin/getquotes >/dev/null 2>>/var/log/messages

0  1 * * *    updatedb  >/dev/null 2>>/var/log/messages

0  0 * * *    /usr/local/sbin/nightly_logrotation >>/var/log/messages

gentoo ~ #

```

i.e. redirect the outputs you don't want to   either /dev/null or another file.  The "nightly_sync" script writes normal output to it's own log.

----------

## cz0

 *Tony0945 wrote:*   

> Examples to only log error messages, amongst others:
> 
> i.e. redirect the outputs you don't want to   either /dev/null or another file.  The "nightly_sync" script writes normal output to it's own log.

 

This doesn't work. cron will log jobs starting regardless process output. I have both stdout and stderr redirected to /dev/null (see the initial post) and this has nothing to do with the cron logs.

----------

## khayyam

 *cz0 wrote:*   

> Well, that patch itself seems to be mixed with dozens of other patches and it will be difficult to get it out. I wrote to the author.

 

cz0 .... hehe, yeah, debian. I never understood why so many people gravitated toward it. Besides the almost crazy level of patching, to then take a seperate patch (as is the case above) and merge it into a unified mega-patch is just silly.

best ... khay

----------

## cz0

So, I wrote (actually adopted exciting Debian patch) for Gentoo vixie-cron that make it possible to select what events will be logged. Besides, I modified init script and conf.d file to set this option on vixie-cron start. And some ebuild modification as well.

What's next? How can I submit this to Gentoo to make this feature available?

----------

## khayyam

 *cz0 wrote:*   

> So, I wrote (actually adopted exciting Debian patch) for Gentoo vixie-cron that make it possible to select what events will be logged. Besides, I modified init script and conf.d file to set this option on vixie-cron start. And some ebuild modification as well.
> 
> What's next? How can I submit this to Gentoo to make this feature available?

 

cz0 ... you would open a bug on b.g.o, providing the patch, modified ebuild, etc. However, if this patch is as it was (ie, one mega-patch) then it'll most likely be rejected.

best ... khay

----------

## cz0

 *khayyam wrote:*   

> cz0 ... you would open a bug on b.g.o, providing the patch, modified ebuild, etc. However, if this patch is as it was (ie, one mega-patch) then it'll most likely be rejected.
> 
> best ... khay

 

Nop. A hate this universe-sized Debian patches. A spent some unpleasant hours digging this particular out and adopting it to actual vixie-cron version. Hope, it will be accepted.

----------

