Effective Cron Job Logging: Redirecting Output to Syslog with Proper Facility/Priority


3 views

Traditional cron implementations default to emailing output to the local user, creating unnecessary noise for system administrators. The standard behavior:

# Default cron behavior (sends email)
0 * * * * root /usr/local/nagios/sbin/nsca_check_disk

We can redirect cron output to syslog using logger, which provides several advantages:

# Basic redirection to syslog
0 * * * * root /usr/local/nagios/sbin/nsca_check_disk 2>&1 | logger -t nsca_check_disk

For better log management, specify appropriate facility and priority:

# Using cron facility with notice priority
0 * * * * root /usr/local/nagios/sbin/nsca_check_disk 2>&1 | logger -t nsca_check -p cron.notice

For production systems, consider these enhancements:

# With process ID and custom tag
0 * * * * root /usr/local/nagios/sbin/nsca_check_disk 2>&1 | logger -t "nagios-nsca[$$]" -p local0.notice

# For scripts without proper exit codes
0 * * * * root /usr/local/nagios/sbin/nsca_check_disk > >(logger -t nsca_check -p cron.notice) 2>&1

Create dedicated configuration for cron logs:

# rsyslog.conf example
if $programname == 'nsca_check' then /var/log/nagios/nsca.log
& stop

# syslog-ng equivalent
filter f_nsca { program("nsca_check"); };
destination d_nsca { file("/var/log/nagios/nsca.log"); };
log { source(s_src); filter(f_nsca); destination(d_nsca); flags(final); };

Configure logrotate for proper log management:

# /etc/logrotate.d/nagios-nsca
/var/log/nagios/nsca.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
    create 640 root adm
}

For scripts that require both logging and error handling:

0 * * * * root /usr/local/nagios/sbin/nsca_check_disk > >(logger -t nsca_check -p cron.notice) 2>&1 || logger -t nsca_check -p cron.err "Command failed with exit code $?"

Some systems support environment variables for logging:

# In /etc/default/cron
CRON_OUTPUT_LOGGER="logger -t cron-script -p cron.notice"

Standard cron implementations typically handle job output in one of three problematic ways:

# Default behavior - emails output to MAILTO address
* * * * * /path/to/command

# Common workaround - redirecting to /dev/null (loses all output)
* * * * * /path/to/command >/dev/null 2>&1

# Another workaround - creating individual log files
* * * * * /path/to/command >> /var/log/command.log 2>&1

The most robust approach is to send cron output to syslog. Here's how to implement it:

# Basic syslog redirection using logger
* * * * * /path/to/command 2>&1 | logger -t cron-nsca

# With custom facility and priority
* * * * * /path/to/command 2>&1 | logger -t cron-nsca -p cron.info

# For systems without logger (using socat)
* * * * * /path/to/command 2>&1 | socat - UNIX-SENDTO:/dev/log

For better log management, configure syslog to handle cron-specific messages:

# /etc/rsyslog.conf example:
cron.* /var/log/cron.log
cron.err /var/log/cron-errors.log
cron.nagios.* /var/log/nagios-cron.log

# Rotate logs properly (logrotate config):
/var/log/cron.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
}

For scripts that don't support native syslog output, create a wrapper:

#!/bin/bash
# /usr/local/bin/syslog_wrapper
CMD=$1
shift
LOGTAG=${2:-$(basename $1)}
LOGFACILITY=${3:-cron.notice}

"$CMD" "$@" 2>&1 | logger -t "$LOGTAG" -p "$LOGFACILITY"

# Usage in crontab:
0 * * * * root /usr/local/bin/syslog_wrapper /usr/local/nagios/sbin/nsca_check_disk nsca-disk

Different Unix variants may require adjustments:

  • Linux (systemd): Use journalctl -t cron-nsca
  • BSD: May need to use /var/run/log instead of /dev/log
  • AIX: Requires specific syslogd configuration for UDP reception