filtering syslogd kernel msg
hanasaki
hanasaki at hanaden.com
Tue Oct 5 21:11:50 CDT 2004
Dustin Decker wrote:
>>-----Original Message-----
>>From: kclug-bounces at kclug.org [mailto:kclug-bounces at kclug.org] On Behalf
>>Of hanasaki
>>Sent: Tuesday, October 05, 2004 6:51 PM
>>To: List - KCLUG
>>Subject: filtering syslogd kernel msg
>>
>>what can be added to syslog.conf to filter out just the following and
>>not all kernel msg?
>>
>>Oct 5 01:50:39 localhost kernel: usb-storage: queuecommand called
>>
>>it is showing in the debian syslog, debug and kern logfiles on sarge
>
>
> Most semi-default configurations within /etc/syslog.conf usually make use of
> a line similar to this:
>
> kern.* /var/log/kernel
>
> What you probably need to focus on is the asterisk, which indicates you want
> everything. Since you _don't_ want to receive logging information for a usb
> storage device (assuming your log is getting filled with these and you don't
> want to see them), I'd examine what can replace the asterisk. Your question
> has certainly piqued my interest, so I'll be googling furiously for more
> data once the debate is over tonight.
>
> Another option _might_ be to compile your kernel without USB debugging
> enabled.
>
> Dustin Decker
>
Switched to syslog-ng that can match on regular expressions and added
the follow. Works great.. so far...............
filter f_not_garbage { match("!/usb-storage/");};
# *.*;auth,authpriv.none -/var/log/syslog
log {
source(s_all);
filter(f_syslog);filter(f_not_garbage);
destination(df_syslog);
};
More information about the Kclug
mailing list