Mailinglist Archive: opensuse (769 mails)

< Previous Next >
Re: [opensuse] I can not filter out some systemd messages in syslog
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Tue, 17 May 2016 04:30:05 +0200 (CEST)
  • Message-id: <alpine.LSU.2.20.1605170424500.26081@Grypbagne.inyvabe>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



A year ago, on Saturday, 2014-03-01 at 17:22 +0100, I wrote:
On Saturday, 2014-03-01 at 16:43 +0100, I wrote:

So the "stop" line for those systemd entries is not acting. However, it
works for other sections, like the "named" section shown above, and others
I do not show for clarity.

Are systemd entries special?

I now have:

if ($msg contains 'Started Session' and $msg contains 'of user') \
then -/var/log/systemdpurged
& stop

if ($programname == 'xinetd' or $syslogtag == '[xinetd]:')
then -/var/log/xinetd.log
& stop

I get the expected entries in xinetd.log and systemdpurged.

The xinetd entries do not appear in /var/log/messages, but the systemd
entries do. The stop clause is ignored for them:

<3.6> 2014-03-01 17:13:01 Telcontar systemd 1 - - Starting Session 107 of user
news.
<3.6> 2014-03-01 17:15:02 Telcontar systemd 1 - - Starting Session 108 of user
root.


I suddenly noticed that there are two very similar entries:


<3.6> 2016-05-17 04:10:01 Telcontar systemd 1 - - Starting Session 21475 of
user wwwrun.
<3.6> 2016-05-17 04:10:01 Telcontar systemd 1 - - Started Session 21475 of
user wwwrun.
<3.6> 2016-05-17 04:15:01 Telcontar systemd 1 - - Starting Session 21478 of
user news.
<3.6> 2016-05-17 04:15:01 Telcontar systemd 1 - - Started Session 21478 of
user news.

I simply have to filter both "Starting" and "Started". Sigh.
A year long problem finally solved!


- -- Cheers,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlc6gi0ACgkQtTMYHG2NR9UXJwCdHTFNc3NIMRYKt0FGoxYb5Jkz
vwYAnjlioPwmtgNisuW/B46guL1SygTC
=04Ie
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages