Scribe Remove trendmicro debug info from log - Deleting skynet logs also


Jeff Rinvelt

New Around Here
Long time listener first-time caller.

I'm trying to get rid of some trendmicro cruft in my log. I thought I had a good file to throw it in the null bin, but I was also trashing the skynet detail messages also. I was just getting the summary logs (i.e. "router Skynet: [#] 37943 IPs (+0) -- 1322 Ranges Banned (+0) || 48213 Inbound -- 70 Outbound Connections Blocked! [save] [1s]")

Any idea what I did wrong?

Message to remove

Jan 31 08:47:25 router kernel: [tdts_shell_ioctl_stat:256] Recv ioctl req with op 2

File I thought would work

# don't log kernel trendmicro messages

filter f_trendmicro {
program("kernel") and
message("[tdts_shell_ioctl_stat:256]");
};

log {
source(src);
filter(f_trendmicro);
flags(final);
};

#eof
 

Diamond67

Senior Member
Speaking of Trend Micro, what's your Trend Micro: Signature version? It can be found in Administration - Firmware Upgrade (of Merlin GUI).

Mine is: 2.212 Updated : 2020/06/29 16:45

Seems rather old? Or what do you think? I can check it all right with the button, but it says it is up to date.
 

Diamond67

Senior Member
mine is the same, different date:
2.212 Updated : 2021/01/28 20:28
Thanks!

I remember that you cannot trust the actual date because it won't always update/refresh itself. This has been going on for ages with my router and with several firmware versions (Merlin). Only the version seems to matter. Not the date.
 

elorimer

Very Senior Member
The skynet detail messages trash themselves every hour, and roll up into that summary line.
 

Jeff Rinvelt

New Around Here
The skynet detail messages trash themselves every hour, and roll up into that summary line.
Yep, got that. The skynet log with the syslog-ng file above was blank except for the summary line. Remove the config file and everything starts flowing, but the trendmicro garbage appears.
 

elorimer

Very Senior Member
It looked to me like your filter would work, so I am puzzled. I think your filter would work as well just with the message part, without the program. Can't see it would make a difference though.

You might log what your filter is discarding, as a test, to see if what gets logged has anything to do with skynet. If it is just filling with the trendmicro stuff, skynet isn't being affected.

You might also go into skynet and be sure it is pointing to the skynet log file and hasn't reset back to syslog.
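An added example, not written by any poster in this thread: syslog-ng's message() filter treats its argument as a regular expression, so the unescaped square brackets in the filter above form a character class instead of literal text. The Python sketch below uses `re` as a stand-in for syslog-ng's regex engine (an assumption) and, apart from the two lines quoted in the thread, constructed sample messages, to list what each form of the pattern would discard.

```python
import re

# Pattern exactly as written in the thread's message("...") filter.
ORIGINAL = "[tdts_shell_ioctl_stat:256]"
# Same text with the regex metacharacters escaped, so the brackets are literal.
# In syslog-ng this can be written as
#   message('\[tdts_shell_ioctl_stat:256\]')
# or as a literal substring match:
#   message("[tdts_shell_ioctl_stat:256]" type(string) flags(substring))
ESCAPED = re.escape(ORIGINAL)

# (program, message) pairs. The first and last come from the thread;
# the two BLOCKED lines are constructed samples of firewall detail messages.
SAMPLES = [
    ("kernel", "[tdts_shell_ioctl_stat:256] Recv ioctl req with op 2"),
    ("kernel", "[BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=23"),
    ("kernel", "[BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 PROTO=UDP DPT=53"),
    ("Skynet", "[#] 37943 IPs (+0) -- 1322 Ranges Banned (+0)"),
]


def discarded(pattern, samples=SAMPLES):
    """Messages matched by: program("kernel") and message(pattern)."""
    rx = re.compile(pattern)
    return [msg for prog, msg in samples if prog == "kernel" and rx.search(msg)]


def first_hit(pattern, message):
    """The exact text the pattern matched first, to show why a line was caught."""
    m = re.search(pattern, message)
    return m.group(0) if m else None


if __name__ == "__main__":
    for label, pattern in (("original", ORIGINAL), ("escaped", ESCAPED)):
        print(f"{label}: {pattern}")
        for msg in discarded(pattern):
            print(f"  drops ({first_hit(pattern, msg)!r} matched): {msg}")
```

With the original pattern a single character such as the `e` in `eth0` is enough to match, so every kernel line is dropped; the Skynet summary line survives only because its program name is not `kernel`.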
 