Reducing /var/log/messages Clutter

On a hardened gentoo machine, the main /var/log/messages file becomes hugely cluttered with the minute-by-minute cron messages. They are far too verbose :-( Cut down on the clutter by editing and adding the red/bold change:

hostname ~ # emacs -nw /etc/syslog-ng/syslog-ng.conf

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
#filter f_ppp { facility(ppp); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, mail, news, cron); };
filter f_emergency { level(emerg); };

Minute-by-minute cron messages are still logged, but only to /var/log/cron.log, not the main /var/log/messages file. Sanity is restored :-)

For Reference, here are a couple of example syslog-ng.conf files:

Typical hardened syslog-ng.conf

Typical workstation syslog-ng.conf

Gentoo Daily Sync

Add these lines to your /etc/crontab file:

# Every morning at 1:18am (randomly chosen!) I sync with a gentoo mirror
18 1  * * *      root   /usr/bin/emerge --sync > /dev/null 2>&1 ; prelink -amvfR > /dev/null 2>&1

If you admin several servers, watch out that you don't exceed your rsync-server maximum connection limit! Stagger the sync-times amongst your machines, to spread the load.
The prelink portion is really only useful for a workstation; omit for a server.