On Mon, 2007-11-26 at 08:42 -0600, Mike McGrath wrote:
2) would be more favored by me where possible.
No problem. From todays' report a couple of things we can do:
1. remove all user failure reports. They don't do us any good and
they're always ssh bruteforce attacks. Denyhosts will do its thing, or
not, but we can't be told about them all the time.
2. weed out pretty much everything beginning with:
rsyncd - informational messages about rsync processes - not useful
puppetd - notices on what is or is not done - not useful, either
- if we can turn off the syslog component of this and only have
this in the local puppet logs that'd be fine
ntpd - garbage noise - not useful for a log report
git-daemon - do I really need to explain why we can nuke this?
3. all of these lines:
crond: pam_unix(crond:session): session closed for user root
iirc, there is a new login module which handles these
4. puppetmasterd* - these appear to be errors/warnings from
puppetmasterd - these need to be fixed.
pruning out the items in 2 alone will nuke the better part of this