This post outlines the steps to create a Property-Based Filter that discards (suppresses) a particular message or redirects a program's messages to a particular log file.
The syntax
The syntax to write a Property-Based Filter is as shown below:
:[Available Properties], [compare-operations], [customized expression] [path/log file]
From the man page of rsyslog.conf
The Discard Action (~)
If the discard action is carried out, the received message is immediately discarded. Discard is just the single tilde character with no further parameters.
Example:
*.* ~ # discards everything.
Restart rsyslog
You need to restart the rsyslog service after updating the rsyslog.conf file:
# service rsyslog restart      # CentOS/RHEL 6
# systemctl restart rsyslog    # CentOS/RHEL 7
Example 1: Discard (suppress) a particular message
You have a message as shown below which you want to discard or suppress:
June 4 22:20:21 geeklab app: [804617.902850] this is a test message to discard
Add the rule as shown below to the /etc/rsyslog.conf file:
# vi /etc/rsyslog.conf
:msg, contains, "test message to discard" ~
Restart the rsyslog service after updating the rsyslog.conf file.
# service rsyslog restart      # CentOS/RHEL 6
# systemctl restart rsyslog    # CentOS/RHEL 7
Example 2: Redirect program messages to a particular log file but not to messages
You have a message as shown below which you want to redirect to a particular file, /var/log/custom_app.log in this example:
June 4 22:20:21 geeklab appname: [804617.902850] this is a test message to discard
Add the rules as shown below to the /etc/rsyslog.conf file:
:programname, isequal, "appname" /var/log/custom_app.log
:programname, isequal, "appname" ~
Restart the rsyslog service after updating the rsyslog.conf file.
# service rsyslog restart      # CentOS/RHEL 6
# systemctl restart rsyslog    # CentOS/RHEL 7
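The following is an added example, not part of the original post or of rsyslog itself: a simplified Python model of ordered rule processing that lets you check where a message ends up before you suppress anything. It shows that the Example 2 rules only keep messages out of /var/log/messages when they sit above the rule that writes there, and that the Example 1 substring filter also drops the appname message before it is written anywhere. The `*.*` catch-all line and the names `parse_rules` and `route` are assumptions made for illustration.

```python
import re

# Simplified model (assumption, not rsyslog's code): rules run top to bottom,
# a file action writes the message, and "~" stops processing of that message.
RULE = re.compile(r'^:(\w+),\s*(\w+),\s*"([^"]*)"\s+(\S+)$')
OPS = {
    "contains": lambda value, arg: arg in value,
    "isequal": lambda value, arg: value == arg,
    "startswith": lambda value, arg: value.startswith(arg),
}

def parse_rules(conf):
    """Parse property-based filters plus a '*.*' catch-all selector line."""
    rules = []
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*.*"):
            rules.append((None, None, None, line.split()[1]))
            continue
        m = RULE.match(line)
        if m is None or m.group(2) not in OPS:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groups())
    return rules

def route(rules, message):
    """Return the files a message (dict of property values) is written to."""
    written = []
    for prop, op, arg, action in rules:
        if prop is not None and not OPS[op](message[prop], arg):
            continue
        if action == "~":
            break  # discarded: later rules never see this message
        written.append(action)
    return written

# Constructed property values modelled on the page's two sample lines.
APP = {"programname": "app", "msg": " [804617.902850] this is a test message to discard"}
APPNAME = {"programname": "appname", "msg": " [804617.902850] this is a test message to discard"}

CATCH_ALL = "*.* /var/log/messages\n"  # stand-in for the distribution's messages rule
EX1 = ':msg, contains, "test message to discard" ~\n'
EX2 = (':programname, isequal, "appname" /var/log/custom_app.log\n'
       ':programname, isequal, "appname" ~\n')

if __name__ == "__main__":
    for name, conf in [("EX2 first", EX2 + CATCH_ALL), ("EX2 last", CATCH_ALL + EX2),
                       ("EX1 then EX2", EX1 + EX2 + CATCH_ALL)]:
        print(name, "->", route(parse_rules(conf), APPNAME))
```

An empty result means the message is written nowhere, which is worth confirming is intended before a discard rule goes onto a host whose logs feed detection or audit.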