LinuxQuestions.org
Old 01-29-2019, 10:00 AM   #1
PK232
LQ Newbie
 
Registered: Jan 2019
Posts: 3

Rep: Reputation: Disabled
I Would Like to Stop the Logging of Promiscuous States


In my Slackware /var/log/messages file I have a lot of entries that reflect the NIC going in and out of promiscuous mode. I know what is creating the entries and I have no problem with the process. I would however like to stop the logging of the occurrences as they take up 90% of the log making it lengthy to scan.

From testing I know that I can use /etc/syslog.conf to prevent them by stopping all kernel entries (kernel:none) but that is the sledge hammer approach.

Also, although I haven’t tried it, I suspect it would not take much effort to write a cron/bash script to remove the entries periodically from the message file and then restart syslog, but I would prefer to simply stop the logging.

Using Google I did come across the following suggested line for syslog.conf that was supposed to stop only the logging of the promiscuous states.

Code:
:msg, contains, "promiscuous mode"  ~
but it doesn’t appear to work in Slackware.

I also tried the variation

Code:
:msg, contains, “device eth0 left promiscuous mode” ~
:msg, contains, “device eth0 entered promiscuous mode” ~
in case it needed the complete line without success. Lastly I tried the lines with single quotes as well as double quotes and putting the lines at the end as well as the beginning of syslog.conf in case position made a difference without success.


Does anyone see a syntax error or have any other ideas to try? Thanks
 
Old 01-29-2019, 01:22 PM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,534

Rep: Reputation: 5899
Check /etc/syslog.conf:
Code:
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/messages
If you don't want to see INFO messages (which is the log level of these promiscuous state messages)
just change the "info" in this line, perhaps to something like this (untested):
Code:
*.warning;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/messages
which will stop printing INFO and NOTICE kernel messages to the messagelog.
 
1 members found this post helpful.
Old 01-30-2019, 09:00 AM   #3
PK232
LQ Newbie
 
Registered: Jan 2019
Posts: 3

Original Poster
Rep: Reputation: Disabled
In truth, I would have preferred a solution that only eliminated the promiscuous messages but that did work, and in the absence of something better I will go with it. It is certainly better than anything I have come up with. Thanks for the suggestion.
 
Old 01-30-2019, 09:17 AM   #4
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,534

Rep: Reputation: 5899
Quote:
Originally Posted by PK232 View Post
In truth, I would have preferred a solution that only eliminated the promiscuous messages but that did work, and in the absence of something better I will go with it. It is certainly better than anything I have come up with. Thanks for the suggestion.
Tip:
You can patch the kernel source at the location I pointed you to, removing the informational messages, and recompile the kernel. That will give you exactly what you want.
 
Old 01-30-2019, 09:26 AM   #5
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,192

Rep: Reputation: 1853
The low tech approach is 'grep -v "promiscuous mode" /var/log/messages'.
I use something similar to clean DHCP noise when reviewing the logs.
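
Added example (not part of the post above, and not code from any poster in this thread): the grep -v idea extended so the promiscuous-mode lines are hidden when reading the log but still counted per interface, since an unexpected "entered" with no matching "left" is worth noticing. The function names and the sample log lines are constructed for illustration; both functions read the files given as arguments, or stdin if none are given.

```shell
#!/bin/sh
# Constructed sample in the shape of /var/log/messages (not real log data).
sample_log() {
cat <<'EOF'
Jan 29 09:58:01 darkstar kernel: [ 1201.114] device eth0 entered promiscuous mode
Jan 29 09:58:03 darkstar kernel: [ 1203.220] device eth0 left promiscuous mode
Jan 29 09:59:10 darkstar dhcpcd[812]: eth0: renewing lease of 192.0.2.10
Jan 29 10:00:01 darkstar kernel: [ 1321.001] device eth0 entered promiscuous mode
Jan 29 10:00:02 darkstar kernel: [ 1322.310] device eth0 left promiscuous mode
Jan 29 10:02:44 darkstar kernel: [ 1484.902] device eth1 entered promiscuous mode
EOF
}

# Print the log without the kernel's promiscuous-mode transitions.
# The log file itself is left untouched, so syslogd needs no restart.
view_without_promisc() {
    grep -v -E 'device [^ ]+ (entered|left) promiscuous mode' "$@"
}

# One line per interface: how often it entered/left promiscuous mode and
# the last transition seen. "last=entered" means it is still promiscuous.
promisc_summary() {
    awk '
    match($0, /device [^ ]+ (entered|left) promiscuous mode/) {
        # Matched text is "device IFACE entered|left promiscuous mode".
        split(substr($0, RSTART, RLENGTH), f, " ")
        dev = f[2]; act = f[3]
        count[dev, act]++
        last[dev] = act
        seen[dev] = 1
    }
    END {
        for (d in seen)
            printf "%s entered=%d left=%d last=%s\n",
                   d, count[d, "entered"], count[d, "left"], last[d]
    }' "$@" | sort
}

# Demo on the constructed sample; on a real system pass /var/log/messages.
sample_log | view_without_promisc
sample_log | promisc_summary
```
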
 
Old 01-30-2019, 12:58 PM   #6
PK232
LQ Newbie
 
Registered: Jan 2019
Posts: 3

Original Poster
Rep: Reputation: Disabled
@Bob - I missed that the “promiscuous state messages” was also a link. I will take a look at that.

@Allen – That thought had crossed my mind as well – perhaps as a cron run script with a sleep line so that it doesn’t run exactly on the minute when something else might be writing to messages. If it had a short name, it would be very easy to run manually as well.

Thanks to both of you for your suggestions.
 
Old 01-30-2019, 01:34 PM   #7
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,286

Rep: Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648
At the cost of adding a little more software, you could consider adding lnav to your system, which allows clever filtering when viewing logs.
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration