[ale] rsyslog blank lines after a stop

George Allen glallen01 at gmail.com
Sat Jul 28 07:54:29 EDT 2018


# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")  # <---- is there anything in here?

# both of these worked with `logger test1` or `logger test2` on commandline, but let `logger test` pass
if $msg contains "test1" then { stop }
if ($msg contains "test2") then { stop }

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console


On Sat, Jul 28, 2018 at 1:57 AM, Alex Carver <agcarver+ale at acarver.net> wrote:

> I did it with RainerScript as well.  Didn't work.
>
> if ($msg contains "key word") then {
> stop
> }
>
> Still gives me blank lines.
>
> On 2018-07-27 19:58, George Allen wrote:
> > The RainerScript format may help with anything beyond the defaults with
> > rsyslog: https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
> >
> > You could do something like:
> > ruleset( name="DealWithBuggyMachine" ){
> >   if $fromhost-ip == "192.0.2.2" then {
> >     if $msg contains "key test" then {
> >       action( type="omfile" file="/var/log/keytext.log" )
> >       stop
> >     }
> >     if $msg contains "text of warning" then {
> >       stop
> >     }
> >     action( type="omfile" file="/var/log/otherfile.log" )
> >   }
> > }
> >
> > See also for sanity's sake:
> > https://github.com/evertrue/logserver-cookbook/wiki/Supplemental-rsyslog-documentation
> > And
> > https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html
> > with the "legacy" and "modern" comparisons...
> >
> > Takes a minute to figure out RainerScript, but well worth it.
> >
> > -George
> >
> >
> >
> > On Sun, Jul 22, 2018 at 1:04 PM, Alex Carver via Ale <ale at ale.org> wrote:
> >
> >> On one of my machines a known bug is emitting harmless warning messages
> >> that are getting sucked up into messages and kern.log.  I just want to
> >> silence these warnings so I set up at the top of rsyslog's configuration
> >> (version 8.24.0):
> >>
> >> :msg, contains, "text of warning" stop
> >>
> >> This is before the kern.* that sends to kern.log and also before *.=warn
> >> which sends to messages.
> >>
> >> The result, though, is that the message is erased but a blank,
> >> timestamped entry is added to both files.  So where I used to get:
> >>
> >> timestamp hostname kernel: [ticks] "text of warning here plus other information" <EOL>
> >>
> >> I now just get in both messages and kern.log:
> >> timestamp hostname kernel: [ticks]<EOL>
> >>
> >> I had expected the log entries to be gone completely.  I have a similar
> >> line at the top of rsyslog.conf that looks for key text and diverts to a
> >> file:
> >>
> >> :msg, contains, "key text" -/var/log/keytext.log
> >> & stop
> >>
> >> This one works, I don't get any "key text" entries in kern.log or
> >> messages.  I tried something similar using /dev/null but that still
> >> causes the same blank lines.
> >>
> >> I'm considering giving up and switching to syslog-ng on this system but
> >> I figured I'd ask and see if anyone had a thought.  Searching everywhere
> >> online doesn't offer any suggestions about why I get blank lines after a
> >> stop.
> >
>
>
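
To measure the symptom described in this thread before and after a filter change, the following added example (not code from either poster) scans log files for records whose body is empty after the kernel `[ticks]` prefix, and for records that a `stop` rule should have dropped. It assumes rsyslog's traditional file format; the sample lines, hostname and function names are constructed for illustration.

```python
import re
import sys

# Traditional rsyslog file format: "Mmm dd HH:MM:SS host tag: message" (assumed).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<tag>[^:\s]+):\s?(?P<msg>.*)$"
)
# Kernel uptime prefix such as "[12345.678901]" (the "[ticks]" in the thread).
TICKS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")

# Constructed sample lines, not taken from any real system.
SAMPLE = [
    "Jul 28 07:50:01 host1 kernel: [12345.678901] usb 1-1: new high-speed USB device\n",
    "Jul 28 07:50:02 host1 kernel: [12346.000123]\n",
    "Jul 28 07:50:03 host1 kernel: [12347.000456] text of warning here plus other information\n",
    "Jul 28 07:50:04 host1 CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)\n",
    "Jul 28 07:50:05 host1 kernel: [12348.000789] \n",
]


def find_blank_entries(lines):
    """Return (line_number, line) for records whose message body is empty."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        match = LINE_RE.match(line)
        if not match:
            continue  # not a traditional-format record; skip it
        # Drop the kernel tick prefix, then see whether anything is left.
        body = TICKS_RE.sub("", match.group("msg"), count=1).strip()
        if not body:
            hits.append((number, line))
    return hits


def leaked_entries(lines, needle):
    """Return (line_number, line) for records still containing filtered text."""
    return [(n, l.rstrip("\r\n")) for n, l in enumerate(lines, start=1) if needle in l]


if __name__ == "__main__":
    # Usage: python3 blank_entries.py /var/log/messages /var/log/kern.log
    for path in sys.argv[1:]:
        with open(path, errors="replace") as handle:
            for number, line in find_blank_entries(handle):
                print(f"{path}:{number}: {line}")
```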