Monday, May 06, 2013

Filtering messages in rsyslog

Each time I open a new chromium-browser tab, I get messages like this in /var/log/syslog:

May  6 09:15:37 compiler kernel: [4742643.809674] type=1701 audit(1367824537.257:40179): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=433 comm="chromium-browse" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3de13f86c0 code=0x50002

This kind of continuous log writing is annoying and useless on my "desktop" system, even worse with an SSD disk, so I started looking at how to filter rsyslog messages based on text strings.

Thanks to Javier Vela, I finally added the following to my /etc/rsyslog.d/50-default.conf:

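#### Begin - Remove chromium-browser messages:
# "~" is the discard action: matching messages are dropped here, before the
# rules below can write them to any file. Newer rsyslog versions deprecate
# "~" in favour of "stop".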

if      ($syslogfacility-text == 'kern') and \
        ( \
              ($msg contains 'chromium-browse') or \
              ($msg contains 'Chrome_') or \
              ($msg contains 'callbacks suppressed') \
        ) \
       then    ~

#### End 

auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*  -/var/log/kern.log
mail.*                          -/var/log/mail.log

After a service rsyslog restart or /etc/init.d/rsyslog restart, the messages will not appear again.
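
A dry run of the rule above over sample log lines, as an added example that is not part of the original post: it mirrors the three substring tests in Python and compares them with a hypothetical tighter rule, showing that the substring match also discards unrelated kernel messages. The function names, the tighter rule and all sample lines except the first are constructed for this example, and the tag "kernel" is assumed to stand in for the kern facility.

```python
import re

# Traditional file format: "Mon DD HH:MM:SS host tag: message"
LINE_RE = re.compile(r'^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([^:\s]+):(.*)$')
PAGE_SUBSTRINGS = ('chromium-browse', 'Chrome_', 'callbacks suppressed')

def kernel_msg(line):
    """Return the message text for kernel lines, else None.
    Assumption: the log file does not record the facility, so the
    tag "kernel" stands in for $syslogfacility-text == 'kern'."""
    m = LINE_RE.match(line)
    return m.group(2) if m and m.group(1) == 'kernel' else None

def page_rule(line):
    """True if the rule from the post would discard this line."""
    msg = kernel_msg(line)
    return msg is not None and any(s in msg for s in PAGE_SUBSTRINGS)

def narrow_rule(line):
    """Hypothetical tighter rule: only seccomp audit records
    (type=1701) whose comm field is a Chromium process or thread."""
    msg = kernel_msg(line)
    return (msg is not None and 'type=1701' in msg
            and 'reason="seccomp"' in msg
            and ('comm="chromium-browse"' in msg or 'comm="Chrome_' in msg))

def overmatched(lines):
    """Lines the post's rule discards that the tighter rule keeps."""
    return [l for l in lines if page_rule(l) and not narrow_rule(l)]

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE = [
    'May  6 09:15:37 compiler kernel: [4742643.809674] type=1701 audit(1367824537.257:40179): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=433 comm="chromium-browse" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3de13f86c0 code=0x50002',
    'May  6 09:15:40 compiler kernel: [4742646.100000] net_ratelimit: 14 callbacks suppressed',
    'May  6 09:15:41 compiler kernel: [4742647.200000] Out of memory: Kill process 433 (chromium-browse) score 301 or sacrifice child',
    'May  6 09:15:42 compiler sshd[2201]: Accepted publickey for user from 192.0.2.10 port 50522 ssh2',
]

if __name__ == '__main__':
    for line in SAMPLE:
        verdict = 'DROP' if page_rule(line) else 'keep'
        print(verdict, '|', line[:90])
    print('over-matched:', len(overmatched(SAMPLE)))
```

Running the same functions over a copy of an existing /var/log/syslog before installing the rule shows which past kernel messages it would have hidden.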