Thursday, October 8, 2015

Linux log files: discard verbose useless lines

Your linux log files are "spammed" by verbose programs or activities that you would like to silence? Here is a short how to to filter some specific lines.




Prevent cron to log in ''/var/log/auth.log'':

When your ''cronjob'' does something as a user (e.g. root), it will create annoying entries in your ''auth.log'' file. You can disable the logging of non-interactive login by opening ''/etc/pam.d/common-session-noninteractive'' and inserting the following line just before the call to ''pam_unix.so'':
''
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
''

Redirect all cron log activity to its own log file (and stop it from polluting ''syslog'').

First, remove ''cron'' from the catchall line in ''/etc/rsyslog.conf'' in the ''RULES'' block or it will stick. Then add the specific rule in the section named ''standard log files'', e.g.:
''
cron.* /var/log/cron.log
''

Finally, do not forget to restart the log system:
''
service rsyslog restart
''

Prevent specific lines to show in your log files

You may also want to prevent some specific lines to appear in the logs.

E.g. an expected job that executes each minute to log in as a user and to compute some stats on your server will quickly pollute the log files. First, find a substring that uniquely matches the annoying line (and only this line!).

Then open ''/etc/rsyslog.conf'' and add this to the top of ''RULES'' block:
''
:msg, contains, "api/stats.sh" ~
''