RE: [syslog-ng]Supressing messages...
If there is no way to exclude it, try to make a new destination to /dev/null ?

Kéven Belanger
Security Solutions Analyst
Logicon Inc. - Division Sécurité
819.825.8049 x7717
800.567.6399 x7717

-----Original Message-----
From: bhartin@straus-frank.com [mailto:bhartin@straus-frank.com]
Sent: Wednesday, August 21, 2002 15:25 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Supressing messages...

I'm running syslog-ng-1.4.14-0. Long story short, I want to suppress the logging of "VFS: Disk change detected..." messages that plague RH 7.1 installs using KDE w/autorun on CDs. Updating syslog-ng versions isn't happening anytime soon unless it is the only way to do so.

What can I do to suppress any and all logging of just this message, without affecting anything else in that group (kern.* or wherever it's at)?

I'm sure newer versions have a working text based filter or such, but I'm pressed for time =(.

Thanks for any help anyone can provide,

--
Bradley Hartin - bhartin@straus-frank.com
Communications and Network Administrator
Straus-Frank Company

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

On Wed, 21 Aug 2002, Keven Belanger wrote:
> If there is no way to exclude it, try to make a new destination to /dev/null ?

The problem is that I haven't found a way for a filter to catch it. The kernel version uses a printk for KERN_DEBUG. I've tried a filter against facility for debug, kern.debug, and *.debug--all of which show up as unknown facilities. I tried 'match("Disk change detected")' to no avail either. I may have to bite the bullet and move to a newer version, but....

--
Bradley Hartin - bhartin@straus-frank.com
Communications and Network Administrator
Straus-Frank Company

Hmm, after googling for "syslog-ng stop processing" I found:

http://citadelle.intrinsec.com/mailing/current/HTML/ml_syslogng/0194.html

Using negative filters on each entry could do it, but would need an entry in each log line:

    filter f_not_vfs { not match("VFS: Disk change detected"); };
    log { source(src); filter(f_kern); filter(f_not_vfs); destination(messages); };

The other way is the "final" flag with 1.5.x. I haven't tested this but it should work:

    destination dev_null { file("/dev/null"); };
    filter f_vfs { match("VFS: Disk change detected"); };
    log { source(src); filter(f_vfs); destination(dev_null); flags(final); };

Let us know how it works out.

--
ASCII and ye shall receive.

On Wed, 21 Aug 2002, Nate Campi wrote:
> Using negative filters on each entry could do it, but would need an entry in each log line:

Actually, this was part of it. I had a couple different things, but it wasn't in the filter, but in the log sections. I log locally, then separately log all via tcp. I (A) only had the filter in the local bits, not the remote (the main issue), and (B) had a brain failure and didn't put a 'not' in there. Don't worry, I knew it was case sensitive =)

Thanks to all who replied...it's working like a charm now!

--
Bradley Hartin - bhartin@straus-frank.com
Communications and Network Administrator
Straus-Frank Company

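A check for the main mistake described in the last message, where the negative filter was present on the local log path but not on the TCP one. This is an added example, not code from the thread or from syslog-ng: the sample config, the names `loghost` and `192.0.2.10`, and the helper functions are constructed for illustration, and the parser only handles flat `log { ... };` statements of the kind shown in the thread.

```python
import re

# Constructed sample config (not from the thread): the negative filter is on
# the local log path but was never added to the TCP one.
SAMPLE_CONF = '''
source src { unix-stream("/dev/log"); internal(); };
destination messages { file("/var/log/messages"); };
destination loghost { tcp("192.0.2.10" port(514)); };
filter f_kern { facility(kern); };
filter f_not_vfs { not match("VFS: Disk change detected"); };
# log { source(src); destination(old); };
log { source(src); filter(f_kern); filter(f_not_vfs); destination(messages); };
log { source(src); destination(loghost); };
'''

COMMENT_RE = re.compile(r'("[^"\n]*")|#[^\n]*')  # keep quoted strings, drop # comments
LOG_RE = re.compile(r'\blog\s*\{(.*?)\}\s*;', re.S)
REF_RE = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)')


def log_paths(conf):
    """Return one dict per log statement listing the names it references."""
    conf = COMMENT_RE.sub(lambda m: m.group(1) or '', conf)
    paths = []
    for body in LOG_RE.findall(conf):
        path = {'source': [], 'filter': [], 'destination': []}
        for kind, name in REF_RE.findall(body):
            path[kind].append(name)
        paths.append(path)
    return paths


def destinations_missing(conf, filter_name):
    """Destinations fed by at least one log path that does not apply filter_name."""
    missing = set()
    for path in log_paths(conf):
        if filter_name not in path['filter']:
            missing.update(path['destination'])
    return sorted(missing)


if __name__ == '__main__':
    # The TCP destination still receives the unwanted message.
    print(destinations_missing(SAMPLE_CONF, 'f_not_vfs'))
```
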
participants (3): bhartin@straus-frank.com, Keven Belanger, Nate Campi