LinuxQuestions.org
Old 01-03-2013, 01:18 PM   #1
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 635

Rep: Reputation: 35
Trouble with rsyslog config to filter dnsmasq-log-spam


Hi,

I'm sure this is really easy once you know how to do it :-)

My syslog is filling up with DHCP lease statements from dnsmasq, and I would like to move all these messages to a separate log.
It looks really easy according to rsyslog configuration, but I just can't get it to work the way it should.

The messages I would like to filter look like the following:

Code:
Jan  3 20:10:07 Majestix dnsmasq-dhcp[6614]: DHCPREQUEST(bond0) 192.168.1.81 10:68:ff:ff:ff:ff 
Jan  3 20:10:07 Majestix dnsmasq-dhcp[6614]: DHCPACK(bond0) 192.168.1.81 10:ff:3f:ff:ff:ff Nexus4
Jan  3 20:10:32 Majestix dnsmasq-dhcp[6614]: DHCPREQUEST(bond0) 192.168.1.93 70:de:ff:ff:ff:04 
Jan  3 20:10:32 Majestix dnsmasq-dhcp[6614]: DHCPACK(bond0) 192.168.1.93 70:ff:ff:ff:ff:04 iPad-AF
(yes, out of general paranoia I have butchered the MAC addresses slightly)

What I've tried in the config is a plethora of variations over this theme:
Code:
if $programname == 'dnsmasq-dhcp' and $syslogseverity <= '6' then /var/log/dnsdhcp.log
#if $programname == 'dnsmasq-dhcp' and $syslogseverity <= '6' then ~
But nothing happens in dnsdhcp.log and everything still comes into /var/log/messages.

Anyone care to give me a hint to where I'm heading in the wrong direction?

-y1
 
Old 01-03-2013, 04:05 PM   #2
sleddog
Member
 
Registered: Jan 2002
Location: Labrador, Canada
Distribution: CentOS, Debian
Posts: 182

Rep: Reputation: 35
Why not just set dnsmasq to log to its own file?

From the dnsmasq manpage...

Quote:
--log-facility=<facility>
Set the facility to which dnsmasq will send syslog entries, this defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If the facility given contains at least one '/' character, it is taken to be a filename, and dnsmasq logs to the given file, instead of syslog....
 
Old 01-04-2013, 12:35 AM   #3
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 635

Original Poster
Rep: Reputation: 35
Thanks for answering!

I guess I could, but that would mean all dnsmasq entries would go there, also the critical ones prohibiting network operation. What I'd like to do is just filter out the daily noise, but keep the serious stuff so that I can trigger alerts on it.

The only way to do that I still believe to be filtering all dnsmasq entries with severity _LESS_ than the informational ones to go out, but let rsyslog be the decider of all these things.

Besides, I'll have to do this for a few remote apps as well, so I'd better figure out how to do it anyway :-)

-y1
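
Added example, not part of the thread and not any poster's configuration: an rsyslog rule set that diverts only the routine dnsmasq-dhcp messages to their own file and leaves the more severe ones in the main log. The file name is hypothetical, and the threshold assumes the lease lines arrive at severity info (6), as the threshold in the original filter implies.

```rsyslog
# /etc/rsyslog.d/10-dnsmasq-dhcp.conf  (hypothetical file name)
#
# Syslog severities are numeric and run from 0 (emerg) to 7 (debug):
#   0 emerg  1 alert  2 crit  3 err  4 warning  5 notice  6 info  7 debug
# A LOWER number is MORE severe, so "$syslogseverity <= 6" matches info
# and everything more serious (emerg..info); only debug falls outside it.
# To divert only the routine messages, compare with ">=" instead.

# RainerScript form (rsyslog v7 and later).
if $programname == 'dnsmasq-dhcp' and $syslogseverity >= 6 then {
    # info (6) and debug (7) go to the separate file ...
    action(type="omfile" file="/var/log/dnsdhcp.log")
    # ... and processing ends here, so later rules such as the one
    # writing /var/log/messages never see these messages.
    stop
}
# notice (5) and more severe dnsmasq-dhcp messages do not match and
# carry on to the remaining rules, where they can still raise alerts.

# Legacy form for older rsyslog (v5); use instead of the block above:
# if $programname == 'dnsmasq-dhcp' and $syslogseverity >= 6 then /var/log/dnsdhcp.log
# & ~
```

The rule has to be read before the rule that writes /var/log/messages, otherwise the messages are already logged there by the time they are discarded. `rsyslogd -N1` checks the configuration syntax before rsyslog is restarted.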
 
  


Tags
dnsmasq, logging, rsyslog


All times are GMT -5.