How to ignore Cp-Wrap messages in /var/log/secure

[latinos986]

Hi, in my secure.log I have tons of this lines:


Aug 26 04:18:18 venus Cp-Wrap[13895]: Pushing "47 GETDISKUSED xxxxxxxx.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47
Aug 26 04:18:18 venus Cp-Wrap[13895]: CP-Wrapper terminated without error


I would like to ignore those lines, I've readed in the forum about edit /etc/log.d/conf/services/secure.conf file, but I don't have this file

Anybody has an idea about what should I do? tnks in advance.

I'm using:
CENTOS 5.5 x86_64 virtuozzo
cPanel 11.25.0-S46156 - WHM 11.25.0 - X 3.9

 

[cPanelDon]

Hi, in my secure.log I have tons of this lines:

Aug 26 04:18:18 venus Cp-Wrap[13895]: Pushing "47 GETDISKUSED xxxxxxxx.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47
Aug 26 04:18:18 venus Cp-Wrap[13895]: CP-Wrapper terminated without error

I would like to ignore those lines, I've readed in the forum about edit /etc/log.d/conf/services/secure.conf file, but I don't have this file

Anybody has an idea about what should I do? tnks in advance.

I'm using:
CENTOS 5.5 x86_64 virtuozzo
cPanel 11.25.0-S46156 - WHM 11.25.0 - X 3.9

The described log entries are normal. Is there a specific reason that necessitates ignoring Cp-Wrap (CP-Wrapper) log messages (in "/var/log/secure")?

What problem are you seeing exhibited, if any?

 

[TexasCellNet]

I too get a few of those lines....

I get 7 Meg emails... That's an ungodly amount of Cp-Wrap lines:

--------------------- Connections (secure-log) Begin ------------------------


**Unmatched Entries**
Cp-Wrap[16982]: CP-Wrapper terminated without error
Cp-Wrap[17004]: CP-Wrapper terminated without error
Cp-Wrap[17012]: CP-Wrapper terminated without error
Cp-Wrap[17037]: CP-Wrapper terminated without error
Cp-Wrap[17041]: CP-Wrapper terminated without error

counting all the way to

Cp-Wrap[32731]: CP-Wrapper terminated without error
Cp-Wrap[32763]: CP-Wrapper terminated without error
Cp-Wrap[313]: CP-Wrapper terminated without error
Cp-Wrap[317]: CP-Wrapper terminated without error
Cp-Wrap[324]: CP-Wrapper terminated without error
Cp-Wrap[333]: CP-Wrapper terminated without error
Cp-Wrap[368]: CP-Wrapper terminated without error
Cp-Wrap[374]: CP-Wrapper terminated without error

and then for some reason starting over at 313 and moving on

Cp-Wrap[32748]: CP-Wrapper terminated without error
Cp-Wrap[32760]: CP-Wrapper terminated without error
Cp-Wrap[302]: CP-Wrapper terminated without error
Cp-Wrap[336]: CP-Wrapper terminated without error

counting all the way up and starting over at 302, wierd!

all the way to the end:

Cp-Wrap[6770]: CP-Wrapper terminated without error
Cp-Wrap[6772]: CP-Wrapper terminated without error

44454 Ignored Lines

---------------------- Connections (secure-log) End -------------------------

cPanel support said these errors are normal. No need to ignore, but I'd say 6 to 8 meg log files would be a reason to exclude the error msg, or better yet help me find the root issue, if one exists. I've been glancing over the forums for a year now and have found no help. Anybody got an answer?

 

[cPanelDon]

Customize system logwatch configuration to ignore specific services

Please note that the reported message is not an error; however, if you are receiving e-mails from the system utility "logwatch" then I believe you may be able to ignore certain log entries by adjusting the appropriate logwatch configuration file(s). For RHEL4/CentOS4, having logwatch ignore the service appeared to work as reported in this older thread: Logwatch Full of CP-Wrap messages - cPanel Forums

The following steps should help if you need to have logwatch ignore "Cp-Wrap" log entries in /var/log/secure:

• For RHEL4/CentOS4:
  1. Verify if logwatch is installed and install if needed:
     

     # rpm -q logwatch
     # /scripts/ensurerpm logwatch

  2. Locate appropriate configuration file:
     

     /etc/log.d/conf/services/secure.conf

  3. Open configuration file, look for a line like the following:

     $ignore_services = sshd Pluto stunnel proftpd

  4. Edit to append an additional ignored service:
     

     $ignore_services = sshd Pluto stunnel proftpd Cp-Wrap

  5. Save changes and then wait to check the content of future logwatch e-mails.
• For RHEL5/CentOS5:
  1. Verify if logwatch is installed and install if needed:
     

     # rpm -q logwatch
     # /scripts/ensurerpm logwatch

  2. Locate appropriate configuration file:
     

     /etc/logwatch/conf/services/secure.conf

  3. If configuration file does not exist, create it by copying the default:
     

     # cp -av /usr/share/logwatch/default.conf/services/secure.conf /etc/logwatch/conf/services/secure.conf

  4. Open configuration file, look for a line like the following:

     $ignore_services = sshd Pluto stunnel proftpd saslauthd imapd

  5. Edit to append an additional ignored service:
     

     $ignore_services = sshd Pluto stunnel proftpd saslauthd imapd Cp-Wrap

  6. Save changes and then wait to check the content of future logwatch e-mails.

 

[density5]

Although I haven't had any messages from cp-wrap I care about *yet*, I don't want to exclude impotant messages in the future. I found this post to be a better solution, although it does invoke 2 regexes:

Stopping Pushing “47 GETDISKUSED blah” for UID: 47 messages in Cpanel logwatch | Website Design West Midlands

 

[MaraBlue]

Although I haven't had any messages from cp-wrap I care about *yet*, I don't want to exclude impotant messages in the future. I found this post to be a better solution, although it does invoke 2 regexes:

Stopping Pushing “47 GETDISKUSED blah” for UID: 47 messages in Cpanel logwatch | Website Design West Midlands

Both methods have the same results. One isn't necessarily better than the other, and there is NOTHING important about seeing Cp-Wrap in the log files.