
We have a certain process related to Azure that is running that is constantly writing out the following to our logs:

Aug 18 06:54:28 log-ids-vm rsyslogd-3000: omazuremds error at connect(). errno=No such file or directory

How can we stop a certain process from writing to the messages log? Or, if we're using something like OSSEC for log retrieval, how can we filter it out?

  • What Linux are you running? Do you know which logger is it using?
    – Marco
    Commented Aug 18, 2017 at 7:17
  • @Marco We're using CentOS 7. We're using OSSEC for log retrieval and Graylog for management.
    – Pat
    Commented Aug 18, 2017 at 8:06
  • TY for the details. I think that @HBruijn 's answer perfectly fits your needs.
    – Marco
    Commented Aug 18, 2017 at 8:27

1 Answer


How can we stop a certain process from writing to the messages log?

By configuring the logging options of that process, i.e. make it log to a file instead of to STDOUT or syslog, or configure the log level to be less verbose/silent.

Alternatively since you appear to be using rsyslog:

Rsyslogd supports filter conditions, one of which, the ~, is to silently discard messages that match a specific pattern:

Using negation can be useful if you would like to do some generic processing but exclude some specific events. You can use the discard action in conjunction with that. A sample would be:

    *.* /var/log/allmsgs-including-informational.log
    :msg, contains, "informational" ~
    *.* /var/log/allmsgs-but-informational.log

Do not overlook the tilde ~ in line 2! In this sample, all messages are written to the file allmsgs-including-informational.log.
Then, all messages containing the string “informational” are discarded. That means the config file lines below the “discard line” (number 2 in our sample) will not be applied to this message. Then, all remaining lines will also be written to the file allmsgs-but-informational.log.
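The discard filter from this answer applied to the message in the question, as an added example that is not part of the original answer. The drop-in file name is hypothetical, and the placement assumes the stock layout in which /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf before its own rules.

```conf
# /etc/rsyslog.d/00-drop-omazuremds.conf   (hypothetical file name)
#
# A discard only affects rules that come after it, so this file has to be
# read before the rule that writes to /var/log/messages.
#
# The match is on the exact error text from the question rather than on the
# sender, so other errors reported by rsyslogd itself are still logged and
# still reach whatever collects /var/log/messages.

# Legacy form, as quoted in the answer. The "~" action is deprecated in
# rsyslog v7 and later, where it logs a warning at startup:
# :msg, contains, "omazuremds error at connect()" ~

# Same filter with the "stop" action that replaces "~":
:msg, contains, "omazuremds error at connect()" stop
```

Check the syntax with `rsyslogd -N1` before restarting the service.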
