Dave's Brain


Date: 2016jan12
OS: Linux

Q.  How can I avoid the excessive messages in /var/log/messages from dovecot like this: audit: USER_ACCT pid=21508 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="<user>" exe="/usr/libexec/dovecot/auth" hostname=127.0.0.1 addr=127.0.0.1 terminal=dovecot res=success'

A.  It would be better if there was an option to turn it off.
But for now, I have added a filter to /etc/rsyslog.conf:

if $programname == 'audit' and $msg contains 'addr=127.0.0.1' then stop

I don't want to stop all messages from audit since some may be useful. And most of my dovecot logins come from webmail on localhost. Of course, your situation may vary.

This needs to be near the top of /etc/rsyslog.conf ... before any mention of /var/log/messages.
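
To see what this rule would discard before relying on it, the following added example (not part of the original tip) replays log lines through the same two conditions and tallies the dropped audit records by record type, executable and result. The sample lines, the function names and the assumed traditional syslog line layout are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the /var/log/messages style quoted above (not real logs).
SAMPLE = """\
Jan 12 10:00:01 mail audit: USER_ACCT pid=21508 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="alice" exe="/usr/libexec/dovecot/auth" hostname=127.0.0.1 addr=127.0.0.1 terminal=dovecot res=success'
Jan 12 10:00:07 mail audit: USER_AUTH pid=21510 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/libexec/dovecot/auth" hostname=127.0.0.1 addr=127.0.0.1 terminal=dovecot res=failed'
Jan 12 10:01:12 mail audit: USER_AUTH pid=21600 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="bob" exe="/usr/sbin/sshd" hostname=203.0.113.9 addr=203.0.113.9 terminal=ssh res=failed'
Jan 12 10:02:00 mail dovecot: imap-login: Login: user=<alice>, rip=127.0.0.1
"""

# Assumed layout: "Mon DD HH:MM:SS host tag[pid]: message".
LINE = re.compile(r'^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def page_rule(prog, msg):
    # Same two conditions as the rsyslog filter in the tip.
    return prog == 'audit' and 'addr=127.0.0.1' in msg

def suppressed(lines, rule=page_rule):
    """Count the lines the rule would drop, keyed by (record type, exe, res)."""
    out = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or not rule(m.group(1), m.group(2)):
            continue
        msg = m.group(2)
        fields = {k: v.strip('"\'') for k, v in FIELD.findall(msg)}
        out[(msg.split()[0], fields.get('exe', '?'), fields.get('res', '?'))] += 1
    return out

if __name__ == '__main__':
    # Pass a log file path to check real data; otherwise the constructed sample is used.
    src = open(sys.argv[1], errors='replace') if len(sys.argv) > 1 else SAMPLE.splitlines()
    for key, n in suppressed(src).most_common():
        print(n, *key)
```

Any row in the output with a result other than success, or an executable other than dovecot's auth process, is a record the filter hides along with the noise.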

Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.