LinuxQuestions.org


investmentbnker75 03-11-2011 09:17 AM

Filter snmpd entries from /var/log/messages
 
All, I am receiving numerous entries for programs such as snmpd in my messages file. Is there a way to add a rule somewhere to have these and other annoying unimportant entries go to /dev/null or something?

I tried adding an entry to /etc/syslog.conf, but that hosed any logging into the messages file, so maybe I added it wrong?

I want to try and do this without installing anything additional.

Thanks!!

dr_agon 03-11-2011 12:31 PM

You were right to look at syslog.conf. Just read the man carefully, and adjust facility and priority to your needs.

Perhaps you need to configure logging to higher priority (e.g. "error" instead of "info" or similar).

You may try to look at snmpd doc to learn what facility it sends logging messages to, and adjust only this facility in syslog.conf.

I don't know, but there might be some logging options for snmpd itself, which you can customize.

investmentbnker75 03-11-2011 02:03 PM

I read the man page on syslog.conf and thought I had the solution based on what I read, but as I said, it hosed logging altogether. So I was hoping someone could post me how an entry should look if you wanted to use the syslog.conf file to filter snmp type messages. I will also be looking to use that same example to filter other annoying entries if I see them as well, so if anyone knows if this can be done, please give me an example of what the entry would look like in syslog.conf.

dr_agon 03-11-2011 11:30 PM

I don't use snmpd, so I cannot give you the direct solution.

The part of my syslog.conf which logs to /var/log/messages looks like this:
Code:

*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none                -/var/log/messages

Check your syslog.conf and try to set different priorities, for example delete *.=info;*.=notice; and set cron,daemon to warn instead of none.

Settings in syslog.conf will affect the whole logging system. It means that if you set your minimal logging priority to warning, you will disable info messages from all programs. Consider redirecting lower priority messages to another log file, to keep log/messages clean and yet retain all information.
If you want to change only snmpd logging, you must find the appropriate option in its config.
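
Added example (not part of the thread, not any poster's code): a simplified Python model of how a sysklogd-style selector field is evaluated, run over the selector line quoted in the post above and the variant it suggests. Assumptions: snmpd logs to the daemon facility, the "!" prefix is not modelled, and the sample messages are constructed.

```python
# Simplified model of sysklogd-style selector evaluation (added example).
# Not modelled: the "!" negation prefix, "mark"/"security" facility names.
PRIORITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
ALIASES = {"warning": "warn", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

def compile_selectors(selector_field):
    """Return {facility: set of accepted priorities} for one rule."""
    mask = {f: set() for f in FACILITIES}
    # Selectors apply left to right; a later one can override an earlier one.
    for selector in selector_field.replace("\\\n", "").split(";"):
        selector = selector.strip()
        if not selector:
            continue
        facs, _, pri = selector.rpartition(".")
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if pri == "none":              # exclude this facility entirely
                mask[fac] = set()
            elif pri == "*":               # every priority
                mask[fac] = set(PRIORITIES)
            elif pri.startswith("="):      # exactly this priority
                mask[fac].add(ALIASES.get(pri[1:], pri[1:]))
            else:                          # this priority and anything more severe
                name = ALIASES.get(pri, pri)
                mask[fac] |= set(PRIORITIES[:PRIORITIES.index(name) + 1])
    return mask

def is_logged(mask, facility, priority):
    return ALIASES.get(priority, priority) in mask[facility]

# Selector field from the post above (its action is -/var/log/messages).
POSTED = "*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none"
# The variant the post suggests trying.
VARIANT = "*.=warn;auth,authpriv.none;cron,daemon.warn;mail,news.none"

if __name__ == "__main__":
    # Constructed sample messages; snmpd on "daemon" is an assumption.
    samples = [("daemon", "info", "snmpd"), ("daemon", "err", "snmpd"),
               ("kern", "warn", "kernel"), ("kern", "err", "kernel"),
               ("user", "info", "logger")]
    for label, field in (("posted", POSTED), ("variant", VARIANT)):
        mask = compile_selectors(field)
        for fac, pri, prog in samples:
            verdict = "logged" if is_logged(mask, fac, pri) else "dropped"
            print(f"{label:8} {fac}.{pri:6} ({prog}): {verdict}")
```

Under this model the posted line drops every daemon message, errors included, so anything filtered this way should be routed to a separate file rather than discarded if it may be needed later.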

investmentbnker75 03-13-2011 12:36 PM

I tried that, that's where I mentioned that nothing was being logged to messages because that hosed it.

dr_agon 03-14-2011 04:15 AM

If you post the changes you made to syslog.conf maybe someone will find the mistake you made which stopped all logging.

investmentbnker75 03-18-2011 04:10 PM

I will post shortly.


All times are GMT -5.