linuxpig
 asked on

Filter entries in /var/log/messages on CentOS

All,

I need to know if there is a way to filter entries from being logged in /var/log/messages. I see a lot of repetitive, unimportant things being logged that I don't need logged and it makes it hard to review the log file.

I tried to add an entry in /etc/syslog.conf, for example, snmpd entries,

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;snmp.none;cron.none                /var/log/messages


This stopped logging to the messages file altogether so I assume it broke it because when I removed the entry, things started being logged again.

I am running CentOS 5.5 64-bit so anyone with experience in this or RHEL may know how to do this.

Linux, Linux Distributions

Last comment: farzanj, 8/22/2022 - Mon
svs

"syslog" logging system has a limited number of message classes (mail, authpriv etc.), and 'snmp' isn't one of them.

You should probably use another system logging daemon, one that allows fine-grained filtering of messages (syslog-ng is one example).
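A way to check a selector before putting it into /etc/syslog.conf, as an added example that is not part of the original thread: the function below lists every facility name in a selector that is not in the fixed set documented for the classic syslogd selector syntax. The names `FACILITIES` and `unknown_facilities` are made up for this illustration.

```shell
#!/bin/sh
# Facility keywords documented for the classic syslogd selector syntax
# ("security" is the deprecated alias of "auth"; "mark" is internal).
FACILITIES="auth authpriv cron daemon ftp kern lpr mail mark news security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7"

# unknown_facilities SELECTOR  (hypothetical helper name)
# Prints, one per line, each facility in SELECTOR that is not a known keyword.
# A selector looks like "fac1,fac2.priority;fac3.priority".
unknown_facilities() {
    printf '%s\n' "$1" | tr ';' '\n' | while IFS= read -r item; do
        case "$item" in
            "") continue ;;
        esac
        # Keep the part before the first dot, then split a "a,b" facility list.
        printf '%s\n' "${item%%.*}" | tr ',' '\n'
    done | while IFS= read -r fac; do
        case "$fac" in
            ""|"*") continue ;;       # "*" means every facility
        esac
        case " $FACILITIES " in
            *" $fac "*) ;;            # known keyword, nothing to report
            *) printf '%s\n' "$fac" ;;
        esac
    done
}

# The selector from the question: reports "snmp".
unknown_facilities '*.info;mail.none;authpriv.none;snmp.none;cron.none'
```

An empty result means every facility in the selector is a recognised keyword.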
linuxpig

ASKER
Can you provide some more information for syslog-ng? It sounds like you're taking a shot in the dark with your suggestion and I'm looking for a solid solution. I would also need to have the ability to filter other overly repetitive entries from future programs I would install that would clog up the messages log file with useless entries.

If anyone else has additional solid solutions, please let me know. As much specifics as possible please.

Thanks!
ASKER CERTIFIED SOLUTION
svs

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
linuxpig

ASKER
Unfortunately I cannot install any additional software so the solution I require is to be able to use what CentOS already has to effectively filter these selected messages.

So, again, if anyone else has additional solid solutions, please let me know. As much specifics as possible please
SOLUTION
mccracky

SOLUTION
farzanj

linuxpig

ASKER
As I mentioned, the level or type of messages are to begin with snmp entries. I was hoping not to have to go the script route, but if someone knows of a script that cron can run that will clean up specific entries in messages, please let me know. I was hoping it was just an entry in /etc/syslog.conf that could do the job.

Is this not possible?
SOLUTION
mccracky

linuxpig

ASKER
Thanks McCracky, but snmpd messages were just an example, as I said in prior posts, the solutions would have to be applicable to any numerous entries I would want to filter.
SOLUTION
mccracky

linuxpig

ASKER
I guess this can't be done as I was looking for.
farzanj

In your logout bash script .bash_logout, put a simple script to clean it up or make a cron job. What's wrong with that?
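One form the script route can take, as an added example that is not from any poster in this thread: instead of deleting entries, it writes a reduced review copy, leaves /var/log/messages intact, and reports how many lines it hid per program. The function names and the sample lines are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sample lines in the classic syslog file format (not real data).
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 web01 snmpd[2211]: Connection from UDP: [192.0.2.10]:41000
Mar  1 10:00:01 web01 last message repeated 4 times
Mar  1 10:00:07 web01 sshd[3050]: Failed password for root from 192.0.2.99 port 5222 ssh2
Mar  1 10:00:09 web01 last message repeated 2 times
Mar  1 10:01:00 web01 crond[3100]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:01:30 web01 kernel: eth0: link up
EOF
}

# review_view TAGS  (hypothetical name; TAGS = comma-separated program names)
# Reads syslog lines on stdin, prints the lines to keep on stdout and a
# per-program count of hidden lines on stderr. The input is never modified.
review_view() {
    awk -v hide="$1" '
    BEGIN { n = split(hide, a, ","); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    {
        # A "last message repeated N times" line belongs to the line before
        # it, so it is hidden or kept together with that line.
        if ($5 == "last" && $6 == "message" && $7 == "repeated") {
            if (prev_hidden) { hidden[prev_tag]++; next }
            print; next
        }
        tag = $5
        sub(/(\[[0-9]+\])?:$/, "", tag)      # "snmpd[2211]:" -> "snmpd"
        prev_tag = tag
        prev_hidden = (tag in skip)
        if (prev_hidden) { hidden[tag]++; next }
        print
    }
    END {
        for (t in hidden)
            printf "hidden %d line(s) from %s\n", hidden[t], t > "/dev/stderr"
    }'
}

# Example run on the constructed sample; on a real host, feed it the log:
#   review_view snmpd,crond < /var/log/messages > /tmp/messages.review
sample_log | review_view snmpd,crond
```

Matching on the program tag rather than on text anywhere in the line keeps an entry such as an sshd failure visible even if its message happens to mention a hidden program.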
mccracky

Actually, it can, but you have self-limited the constraining parameters.  

syslog itself has ways to separate out things into different files, but you don't want to use those facilities with the constraints within syslog.  

rsyslog or syslog-ng has been suggested, but you don't want to use those programs.  

Bash scripts or log rotation have been suggested, but you don't want to use those.  

Modifying the program's logging behavior has been suggested, but you don't want to do that.

So, what do you want to do?
mccracky


According to the guidelines on the site, you shouldn't just delete something because it wasn't what you wanted.  There were several solutions to the situation given.

Step 4: Assign Points
    Points are your advertising; the more points you assign, the more likely you are to get a quick response. Points are not the reward you give for your answer. For example, if you ask how to do something, and an Expert tells you that you can't, that's the answer, and all of the points should be awarded, even if you don't like the answer.

(From: https://www.experts-exchange.com/help.jsp#hs=29&hi=396)
mccracky

Comment 35097299 suggested a solution of syslog-ng

Comment 35112776 suggested reducing the logging from the problematic programs

Comment 35113840 showed the full array of options for syslog that were available.

Comment 35110662 suggested redefining the levels of the logging to help filter with syslog.

Comment 35110769 suggested a script to help filter the logs.

Split the points between the above.
linuxpig

ASKER
Mccracky,

When someone posts a question with specific guidelines that need to be followed to form a specific solution to a particular problem and then all you have to suggest are anything but, that's not a solution. I already knew about syslog-ng, and everything else you suggested was ridiculous. You have to read what the person is specifically asking and if you know of a solution to help that problem, then say so, don't post random answers just to try and get points.

If it's that easy, everyone would do it. It's like someone asking if anyone knows how to draw a circle and you tell them to draw a square instead because it's a shape too.
mccracky

The better analogy is a question asking how to fit a square peg in a round hole without changing anything on the peg or the hole.  

With the constraints you put on the question, it isn't possible (as mentioned in comment 35113840).

You can reduce the logging the programs do (as I mentioned) which, in the analogy, shrinks the size of the square peg so that the corners still fit within the diameter of the round hole.

You can change the program to syslog-ng or rsyslog, in effect changing the hole to a square one.

You can write your own scripts to filter the logs, in effect filing the round hole into a square shape.

But, without changing something of the peg or the hole, it can't be done, as you finally acknowledged in comment 35245090.

It's like asking what 2 + 2 is but putting on the constraint that the answer can't be higher than 3.

That it can't be done is an acceptable answer according to the FAQ, too.

sjm

P.S. They weren't just "random answers" in order to get points.  Everything mentioned was a viable solution to the problem.
farzanj

linuxpig:
>> everything else you suggested was ridiculous.

You have the right not to use any suggested solution, but you have NO right to call the precious effort and time of serious professionals as "ridiculous".