• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

/etc/rsyslog.conf – Setup a Filter to Discard or Redirect Messages

by admin

The post outlines steps to create a Property-Based Filter to Discard( suppress ) a particular message or redirect program messages to a particular log file.

The syntax

The systax to write a Property-Based Filter is as shown below:

:[Available Properties], [compare-operations], [customized expression] [path/log file]

From the man page of rsyslog.conf

compare operations supported by rsyslog

The Discard Action (~)

If the discard action is carried out, the received message is immediately discarded. Discard is just the single tilde character with no further parameters.

Example:

*.*   ~      # discards everything.

Restart rsyslog

You need to restart the rsyslog service after updating the rsyslog.conf

# service rsyslog restart        # CentOS/RHEL 6
# systemctl restart rsyslog      # CentOS/RHEL 7

Example 1: Discard (suppress) a particular message

You have a messages as shown below which you want to discard or supress:

June 4 22:20:21 geeklab app: [804617.902850] this is a test message to discard

Add the rule as shown below to the /etc/rsyslog.conf file:

# vi /etc/rsyslog.conf
:msg, contains, "test message to discard"    ~

Restart the rsyslog service after updating the rsyslog.conf file.

# service rsyslog restart        # CentOS/RHEL 6
# systemctl restart rsyslog      # CentOS/RHEL 7

Example 2: Redirect program messages to a particular log file but not to messages

You have a messages as shown below which you want to redirect to a particular file, /var/log/custom_app.log in this example:

June 4 22:20:21 geeklab appname: [804617.902850] this is a test message to discard

Add the rule as shown below to the /etc/rsyslog.conf file:

:programname, isequal, "appname" /var/log/custom_app.log
:programname, isequal, "appname" ~

Restart the rsyslog service after updating the rsyslog.conf file.

# service rsyslog restart        # CentOS/RHEL 6
# systemctl restart rsyslog      # CentOS/RHEL 7

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. How to move /var on a separate disk as a separate mount point (Online)
  2. Managing MySQL Using Systemd As A Non Root User
  3. How to Stop/disable Firewalld on CentOS/RHEL 8
  4. How to run a cron job on specific days of the week
  5. Xtreme Download Manager(xdman): Internet Download Manager(IDM) For Ubuntu
  6. CentOS / RHEL 6,7 : How to configure hugepages
  7. How to Create a Custom Log File Rotation by logrotate in Linux
  8. DNS configuration file /etc/named.conf explained
  9. How to Configure Remote Rsyslog To Accept TLS and Non-TLS in CentOS/RHEL
  10. How to Disable Client Access Control in MySQL

You May Also Like

Primary Sidebar

Recent Posts

  • JavaFX ComboBox: Set a value to the combo box
  • Nginx load balancing
  • nginx 504 gateway time-out
  • Images preview with ngx_http_image_filter_module

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright