
Scribe Remove trendmicro debug info from log - Deleting skynet logs also


Jeff Rinvelt

Long-time listener, first-time caller.

I'm trying to get rid of some trendmicro cruft in my log. I thought I had a good file to throw it in the null bin, but I was also trashing the skynet detail messages. I was just getting the summary logs (i.e. "router Skynet: [#] 37943 IPs (+0) -- 1322 Ranges Banned (+0) || 48213 Inbound -- 70 Outbound Connections Blocked! [save] [1s]")

Any idea what I did wrong?

Message to remove

Jan 31 08:47:25 router kernel: [tdts_shell_ioctl_stat:256] Recv ioctl req with op 2

File I thought would work

# don't log kernel trendmicro messages

filter f_trendmicro {
    program("kernel") and
    message("[tdts_shell_ioctl_stat:256]");
};

log {
    source(src);
    filter(f_trendmicro);
    flags(final);
};

#eof
 
Speaking of Trend Micro, what's your Trend Micro: Signature version? It can be found in Administration - Firmware Upgrade (of Merlin GUI).

Mine is: 2.212 Updated : 2020/06/29 16:45

Seems rather old? Or what do you think? I can check it all right with the button, but it says it is up to date.
 
mine is the same, different date:
2.212 Updated : 2021/01/28 20:28
Thanks!

I remember that you cannot trust the actual date because it won't always update/refresh itself. This has been going on for ages with my router and with several firmware versions (Merlin). Only the version seems to matter. Not the date.
 
The skynet detail messages trash themselves every hour, and roll up into that summary line.
 
The skynet detail messages trash themselves every hour, and roll up into that summary line.
Yep, got that. The skynet log with the syslog-ng file above was blank except for the summary line. Remove the config file and everything starts flowing, but the trendmicro garbage appears.
 
It looked to me like your filter would work, so I am puzzled. I think your filter would work as well just with the message part, without the program. Can't see it would make a difference though.

You might log what your filter is discarding, as a test, to see if what gets logged has anything to do with skynet. If it is just filling with the trendmicro stuff, skynet isn't being affected.

You might also go into skynet and be sure it is pointing to the skynet log file and hasn't reset back to syslog.
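
The test suggested above, written out as an added example that is not from any poster in this thread. It also escapes the brackets in the pattern: syslog-ng treats the message() argument as a regular expression by default, so an unescaped [...] is a character class that matches any message containing one of those characters, not the literal tag. The destination name d_discard_test and its file path are assumptions; f_trendmicro and src are the names from the first post.

```conf
# Added example: same filter with the brackets escaped, plus a temporary
# destination that records what the filter discards.

# Before (from the first post):
#   message("[tdts_shell_ioctl_stat:256]")
# As a regular expression this is one character class: t, d, s, _, h, e,
# l, i, o, c, a, :, 2, 5 or 6. Any kernel message containing one of those
# characters matches, so other kernel-tagged lines are caught by the same
# filter and dropped by flags(final).

# After: single quotes pass the backslashes through unchanged, so the
# regular expression sees literal [ and ] around the tag.
filter f_trendmicro {
    program("kernel") and
    message('\[tdts_shell_ioctl_stat:256\]');
};

# Temporary test destination (name and path are assumptions; pick any
# writable location on the router).
destination d_discard_test {
    file("/opt/var/log/discard-test.log");
};

log {
    source(src);
    filter(f_trendmicro);
    destination(d_discard_test);   # delete this line once the test is done
    flags(final);                  # matched messages stop here
};

#eof
```

After a reload, the test file should contain only tdts_shell_ioctl_stat lines; anything else in it is a message the filter is catching by mistake.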
 
