dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
|
Posted: Mon May 09, 2005 7:01 pm Post subject: How do I filter syslog-ng messages? [SOLVED] |
|
|
I have a script running on my server that checks if there is a script running, and if it finds out that it is not running it starts the script.
Now every time the script is run from crontab, I get a message in /var/log/messages that looks like this:
Code: | May 9 11:00:01 gen2 cron[29344]: (sitebot) CMD (/glftpd/sitebot/monique.botchk >\/dev\/null 2>&1) |
How do I filter these messages the best way so that they do not fill up my logs?
Last edited by dj_farid on Tue Dec 13, 2005 5:02 pm; edited 1 time in total |
|
|
|
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Mon May 09, 2005 7:35 pm Post subject: Re: How do I filter syslog-ng messages? |
|
|
dj_farid wrote: | I have a script running on my server that checks if there is a script running, and if it finds out that it is not running it starts the script.
Now every time the script is run from crontab, I get a message in /var/log/messages that looks like this:
Code: | May 9 11:00:01 gen2 cron[29344]: (sitebot) CMD (/glftpd/sitebot/monique.botchk >\/dev\/null 2>&1) |
How do I filter these messages the best way so that they do not fill up my logs? |
Use the filter and match features.
_________________ Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
talk is cheap. supply exceeds demand |
|
|
|
dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
|
Posted: Sun Nov 27, 2005 12:37 am Post subject: |
|
|
I managed to filter the messages from /var/log/messages.
Some time ago they just appeared again. I don't understand why.
Code: | Nov 27 01:15:01 gen2 cron[20763]: (sitebot) CMD (/glftpd/sitebot/monique.botchk >\/dev\/null 2>&1) |
Code: | # cat /etc/syslog-ng/syslog-ng.conf
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.4 2004/07/18 02:25:02 dragonheart Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
options {
long_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# log { source(src); destination(messages); };
# log { source(src); destination(console_all); };
#Filter sitebot messages
filter f_sitebot { program (sitebot) and match(">\/dev\/null"); };
#Filter CRON messages every 10 minutes.
filter f_not_cron_test { not facility(cron) or not match("test"); };
log { source(src); filter(f_not_cron_test); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(console_all); };
gen2 farid #
|
Why isn't it filtering anymore? |
|
|
|
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Sun Nov 27, 2005 9:26 am Post subject: |
|
|
Because you define the filter but you don't actually use it.
Add f_sitebot to the log statements so that it gets used.
HTH
T.
_________________ Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
|
|
dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
|
Posted: Sun Dec 04, 2005 5:18 pm Post subject: |
|
|
This whole thing seems strange to me. I've read the manpage for syslog-ng several times. I have trouble really understanding it.
This is what I did anyway:
Code: | # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.4 2004/07/18 02:25:02 dragonheart Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
options {
long_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# log { source(src); destination(messages); };
# log { source(src); destination(console_all); };
#Filter sitebot messages
filter f_sitebot { program (sitebot) and match(">\/dev\/null"); };
log { source(src); filter(f_sitebot); destination(messages); };
log { source(src); filter(f_sitebot); destination(console_all); };
#Filter CRON messages every 10 minutes.
filter f_not_cron_test { not facility(cron) or not match("test"); };
log { source(src); filter(f_not_cron_test); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(console_all); };
|
The lines disappeared from the logs, just as I wanted.
Today after a restart, the lines are back.
Could someone please explain what I am doing wrong and why it seems to be fixed one day, only to come back again? |
|
|
|
dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
|
Posted: Mon Dec 12, 2005 5:58 pm Post subject: |
|
|
No one? |
|
|
|
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Tue Dec 13, 2005 4:14 pm Post subject: |
|
|
dj_farid wrote: | Code: | source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_sitebot { program (sitebot) and match(">\/dev\/null"); };
filter f_not_cron_test { not facility(cron) or not match("test"); };
log { source(src); filter(f_sitebot); destination(messages); };
log { source(src); filter(f_not_cron_test); destination(messages); };
|
|
First you log everything without anything matched by the filter 'f_sitebot' and some lines later you log everything without anything matched by 'f_not_cron_test'.
With that kind of config you do actually filter nothing at all... everything filtered out in the first log statement is matched by the second and vice versa.
How about using this log statement instead?
Code: | log { source(src); filter(f_not_cron_test); filter(f_sitebot); destination(messages); }; |
|
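Added example, not part of the thread and not syslog-ng code: a small Python model of the rule described in the answer above, where a message reaches a destination if any log statement accepts it, and a log statement accepts it only if all of its filters pass. Assumptions: `f_not_sitebot` is a hypothetical exclusion filter written for this illustration, `facility(cron)` is approximated by the program name, and the second and third sample lines are constructed.

```python
import re

# Sample lines: the first is the line from the thread, the others are constructed.
SAMPLE = [
    r"Nov 27 01:15:01 gen2 cron[20763]: (sitebot) CMD (/glftpd/sitebot/monique.botchk >\/dev\/null 2>&1)",
    "Nov 27 01:20:01 gen2 cron[20801]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)",
    "Nov 27 01:21:07 gen2 sshd[20910]: Failed password for root from 192.0.2.7 port 4022 ssh2",
]

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<program>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")

def parse(line):
    """Split a syslog line into program name and message text."""
    m = LINE.match(line)
    return {"program": m["program"], "msg": m["msg"], "raw": line}

# Filters return True when the message should be kept.
def f_not_sitebot(m):
    # Hypothetical exclusion filter. In the thread's line the program is "cron";
    # "(sitebot)" is the cron user and appears only inside the message text.
    return not (m["program"] == "cron" and "monique.botchk" in m["msg"])

def f_not_cron_test(m):
    # Same boolean shape as the thread's filter:
    # not facility(cron) or not match("test")
    # (assumption: facility(cron) is modelled as program == "cron").
    return m["program"] != "cron" or "test" not in m["msg"]

def delivered(messages, log_paths):
    """Return the raw lines that reach the destination at least once.

    log_paths is a list of log statements, each a list of filters.
    Filters inside one statement are ANDed; statements are independent.
    """
    return [m["raw"] for m in messages
            if any(all(f(m) for f in path) for path in log_paths)]

def demo():
    msgs = [parse(line) for line in SAMPLE]
    # Two log statements, one filter each: each statement lets through
    # what the other one excluded, so nothing is suppressed.
    separate = delivered(msgs, [[f_not_sitebot], [f_not_cron_test]])
    # One log statement carrying both filters: both exclusions apply.
    combined = delivered(msgs, [[f_not_sitebot, f_not_cron_test]])
    return separate, combined

if __name__ == "__main__":
    for name, lines in zip(("separate", "combined"), demo()):
        print(name, len(lines), "line(s) logged")
```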
|
|
dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
|
Posted: Tue Dec 13, 2005 5:02 pm Post subject: |
|
|
Thank you Think4UrS11!
I now understand syslog-ng a lot better. |
|
|
|
|