Hi all,
I wonder if anyone else feels that the amount of logging into /var/log/auth.log is currently excessive and that perhaps we should try to reduce it.
On my unused testing server (Debian 10 & HestiaCP 1.5.1) the /var/log/auth.log file has grown by 23k lines in 4 days.
I’ve noticed that the /etc/sudoers.d/admin file includes a !syslog entry …
TIA, K.
Edit: Sorry for the misunderstanding, I was referring to the auth.log entries generated by internal HestiaCP housekeeping tasks, e.g.:
Dec 9 19:50:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:50:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:50:02 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:50:02 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:50:02 myserver CRON[2999]: pam_unix(cron:session): session closed for user admin
Dec 9 19:50:02 myserver CRON[3000]: pam_unix(cron:session): session closed for user admin
Dec 9 19:50:02 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:50:02 myserver CRON[2998]: pam_unix(cron:session): session closed for user admin
Dec 9 19:52:01 myserver CRON[3275]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:52:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:52:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:52:01 myserver CRON[3275]: pam_unix(cron:session): session closed for user admin
Dec 9 19:53:51 myserver su: (to root) root on none
Dec 9 19:53:51 myserver su: pam_unix(su-l:session): session opened for user root by (uid=0)
Dec 9 19:53:51 myserver systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Dec 9 19:54:00 myserver su: pam_unix(su-l:session): session closed for user root
Dec 9 19:54:01 myserver CRON[3916]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:54:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:54:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:54:01 myserver CRON[3916]: pam_unix(cron:session): session closed for user admin
Dec 9 19:54:10 myserver systemd: pam_unix(systemd-user:session): session closed for user root
Dec 9 19:55:01 myserver CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 9 19:55:01 myserver CRON[3946]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:55:01 myserver CRON[3945]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:55:01 myserver CRON[3944]: pam_unix(cron:session): session closed for user root
Dec 9 19:55:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:55:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:55:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:55:01 myserver CRON[3946]: pam_unix(cron:session): session closed for user admin
Dec 9 19:55:02 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:55:02 myserver CRON[3945]: pam_unix(cron:session): session closed for user admin
Dec 9 19:56:01 myserver CRON[4195]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:56:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:56:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:56:01 myserver CRON[4195]: pam_unix(cron:session): session closed for user admin
Dec 9 19:58:01 myserver CRON[4223]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:58:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:58:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:58:01 myserver CRON[4223]: pam_unix(cron:session): session closed for user admin
Dec 9 20:00:01 myserver CRON[4251]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 20:00:01 myserver CRON[4252]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 20:00:01 myserver CRON[4250]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 20:00:01 myserver CRON[4251]: pam_unix(cron:session): session closed for user admin
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 20:00:01 myserver CRON[4252]: pam_unix(cron:session): session closed for user admin
Dec 9 20:00:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 20:00:01 myserver CRON[4250]: pam_unix(cron:session): session closed for user admin
Dec 9 20:02:01 myserver CRON[4529]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 20:02:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 20:02:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 20:02:01 myserver CRON[4529]: pam_unix(cron:session): session closed for user admin
Dec 9 20:02:05 myserver su: (to root) root on none
Dec 9 20:02:05 myserver su: pam_unix(su-l:session): session opened for user root by (uid=0)
Dec 9 20:02:06 myserver systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
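
A way to measure how much of an auth.log like the excerpt above is cron-driven session noise before changing any logging settings, as an added example that is not part of the original post. The sample lines are constructed in the same shape as the excerpt, and the category names and the correlation rule (a sudo session line counts as cron-driven only while a CRON session is open) are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the excerpt above; the last line
# (a sudo session with no cron session open) is added to show what is kept.
SAMPLE = """\
Dec 9 19:52:01 myserver CRON[3275]: pam_unix(cron:session): session opened for user admin by (uid=0)
Dec 9 19:52:01 myserver sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 9 19:52:01 myserver sudo: pam_unix(sudo:session): session closed for user root
Dec 9 19:52:01 myserver CRON[3275]: pam_unix(cron:session): session closed for user admin
Dec 9 19:53:51 myserver su: (to root) root on none
Dec 9 19:53:51 myserver su: pam_unix(su-l:session): session opened for user root by (uid=0)
Dec 9 19:54:00 myserver su: pam_unix(su-l:session): session closed for user root
Dec 9 19:54:30 myserver sudo: pam_unix(sudo:session): session opened for user root by admin(uid=0)
"""

# month day time host program[pid]: message  (pid is optional, as for sudo/su)
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+([^\s\[:]+)(?:\[(\d+)\])?:\s+(.*)$")
PAM = re.compile(r"pam_unix\([^)]*:session\): session (opened|closed)")

def classify(text):
    """Return (Counter of categories, lines that cron activity does not explain)."""
    open_cron = set()              # PIDs of CRON sessions currently open
    counts, keep = Counter(), []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        prog, pid, msg = m.groups()
        pam = PAM.search(msg)
        if prog == "CRON" and pam:
            if pam.group(1) == "opened":
                open_cron.add(pid)
            else:
                open_cron.discard(pid)
            counts["cron"] += 1
        elif prog == "sudo" and pam and open_cron:
            # sudo lines carry no PID, so attribute them by overlap in time (assumption)
            counts["sudo-under-cron"] += 1
        else:
            counts["other"] += 1   # su, interactive sudo, anything else worth reading
            keep.append(line)
    return counts, keep

if __name__ == "__main__":
    counts, keep = classify(SAMPLE)
    print(dict(counts))
    print("\n".join(keep))
```

Run against a real file with `classify(open("/var/log/auth.log").read())`; the `keep` list is what remains to review once the scheduled-task sessions are set aside.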