Monday, May 06, 2013

Filtering messages in rsyslog


Each time I open a new chromium-browser tab, I get messages like this in /var/log/syslog:


May  6 09:15:37 compiler kernel: [4742643.809674] type=1701 audit(1367824537.257:40179): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=433 comm="chromium-browse" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3de13f86c0 code=0x50002


This kind of continuous log writing is annoying and useless on my "desktop" system, even worse with an SSD disk, so I started looking at how to filter rsyslog messages based on text strings.

Thanks to Javier Vela, I finally added the following to my /etc/rsyslog.d/50-default.conf:



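#### Begin - Remove chromium-browser messages:
# This rule must come before the file rules below, so matching messages are
# discarded before anything is written. '~' is the discard action; rsyslog v7
# and later deprecate it in favour of the 'stop' keyword.
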
if      ($syslogfacility-text == 'kern') and \
        ( \
              ($msg contains 'chromium-browse') or \
              ($msg contains 'Chrome_') or \
              ($msg contains 'callbacks suppressed') \
        ) \
       then    ~

#### End 

auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*  -/var/log/kern.log
mail.*                          -/var/log/mail.log



After a service rsyslog restart or /etc/init.d/rsyslog restart, the message will not appear again.
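
A way to check what the rule above discards before deploying it, as an added example that is not part of the original post: the script applies the post's three substring tests to sample lines and compares them with a hypothetical narrower rule. The sample lines, the `narrow_filter` rule and the use of the `kernel` tag as a stand-in for facility kern are assumptions.

```python
import re

# Constructed sample lines in the /var/log/syslog layout; the first is the
# message quoted in the post, the others are made up for this check.
SAMPLE = [
    'May  6 09:15:37 compiler kernel: [4742643.809674] type=1701 audit(1367824537.257:40179): '
    'auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=433 comm="chromium-browse" '
    'reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3de13f86c0 code=0x50002',
    'May  6 09:15:40 compiler kernel: [4742646.100000] net_ratelimit: 12 callbacks suppressed',
    'May  6 09:16:02 compiler kernel: [4742668.200000] type=1701 audit(1367824562.000:40180): '
    'auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=900 comm="sshd" '
    'reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f0000000000 code=0x50002',
    'May  6 09:16:10 compiler kernel: [4742676.300000] chromium-browse[433]: segfault at 0 ip 0 sp 0 error 4',
    'May  6 09:16:11 compiler sshd[900]: Accepted publickey for user from 192.0.2.10 port 50000 ssh2',
]

LINE = re.compile(r'^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$')

def parse(line):
    """Return (is_kern, msg). Assumption: the tag 'kernel' stands in for
    facility kern, which the log file itself does not record."""
    m = LINE.match(line)
    if not m:
        return False, line
    return m.group('tag') == 'kernel', m.group('msg')

def post_filter(is_kern, msg):
    """The rule from the post: kern AND any of the three substrings."""
    needles = ('chromium-browse', 'Chrome_', 'callbacks suppressed')
    return is_kern and any(s in msg for s in needles)

def narrow_filter(is_kern, msg):
    """Hypothetical tighter rule: only Chromium's seccomp audit records."""
    needles = ('type=1701', 'comm="chromium-browse"', 'reason="seccomp"')
    return is_kern and all(s in msg for s in needles)

def dropped(lines, rule):
    """Indexes of the lines a rule would discard (case-sensitive substring match)."""
    return [i for i, line in enumerate(lines) if rule(*parse(line))]

if __name__ == '__main__':
    for name, rule in (('post', post_filter), ('narrow', narrow_filter)):
        print(name, dropped(SAMPLE, rule))
```

With these samples the post's rule also discards the rate-limit notice from another subsystem and the Chromium segfault line, while the narrower rule discards only the seccomp audit record.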