Crontab - OSSEC Wiki

From OSSEC Wiki

Jump to: navigation, search

Cron/Crontab Log Samples

Crontab edited by root:

Sep 11 09:46:33 sys1 crontab[20601]: (root) BEGIN EDIT (root)
Sep 11 09:46:39 sys1 crontab[20601]: (root) REPLACE (root)
Sep 11 09:46:39 sys1 crontab[20601]: (root) END EDIT (root)

This is root editing another user's crontab:

Sep 11 09:50:42 sys1 crontab[20230]: (root) BEGIN EDIT (user1)
Sep 11 09:51:06 sys1 crontab[20230]: (root) REPLACE (user1)
Sep 11 09:51:06 sys1 crontab[20230]: (root) END EDIT (user1)

This is a user editing their own crontab:

Sep 11 09:51:39 sys1 crontab[20761]: (user1) BEGIN EDIT (user1)
Sep 11 09:51:46 sys1 crontab[20761]: (user1) REPLACE (user1)
Sep 11 09:51:46 sys1 crontab[20761]: (user1) END EDIT (user1)

Additional samples:

Sep 11 15:20:57 copacabana crontab[7972]: (dcid) BEGIN EDIT (dcid)
Sep 11 15:21:26 copacabana crontab[7972]: (dcid) REPLACE (dcid)
Sep 11 15:21:26 copacabana crontab[7972]: (dcid) END EDIT (dcid)
Sep 11 15:22:01 copacabana /USR/SBIN/CRON[7993]: (dcid) CMD (/bin/xx)
Sep 11 15:22:01 copacabana /USR/SBIN/CRON[7992]: (dcid) MAIL (mailed 102 bytes of output but got status 0x0001 )

Retrieved from "http://ossec.net/wiki/index.php/Crontab"

Views

Edit

Personal tools

Log in / create account

Documentation

Search