Hello, I'm still trying to wrap my head around scribe but is there a way to move these out to a different log source than messages? Not sure how to get the filtering right.
kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,783: blog allocation failure^[[0m

Weirdly formatted log message. But anyway, the idea is to put a text file in /opt/etc/syslog.d that has three parts: defining the destination, the filter, and the log instruction. Since you can't filter by program here, you need some unique part of the message, perhaps like so:
destination d_blog {
    file("/opt/var/log/blog.log");
};
filter f_blog {
    (message("bcm_mcast_blog_process") );
};
log {
    source(src);
    filter(f_blog);
    destination(d_blog);
    flags(final);
};

Or if you don't want to see it at all, add it to the "blankmsg" file in /opt/etc/syslog-ng.d. This will discard outright. In my example, I discard hostapd and wlc_send_bar messages.
# discard and don't log empty messages from kernel nor wlc_send_bar messages
filter f_blank {
    program("hostapd") or
    message("wlc_send_bar") or
    program("kernel") and
    message("^ *$");
};
log {
    source(src);
    filter(f_blank);
    flags(final);
};
#eof

This works? The filter matches a log message that meets all the tests. So it will select a message only if it is blank, and then if it is either from hostapd or kernel. It never matches wlc_send_bar because a message can't both be blank and have that text at the same time. Perhaps you need to group these with parentheses?

Either it works, or by some heck of a coincidence all the log entries disappeared. I'm okay with either outcome.
Also, complex filters take longer to process than simple filters. Not really relevant in our case because there aren't that many messages.
and
component which would mean both conditions need to be met.
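
The two readings of the f_blank filter debated above can be compared on sample input. This is an added example, not code from any poster in the thread: it models program() and message() as unanchored regex searches (an assumption), uses constructed log records, and shows which records each grouping would send to the discarding log path. Writing the parentheses explicitly in the syslog-ng filter pins down whichever reading is wanted.

```python
import re

# Constructed sample records: (program, message text). Not real router logs.
SAMPLES = [
    ("hostapd", "wl0.1: STA aa:bb:cc:dd:ee:ff IEEE 802.11: associated"),
    ("kernel", "wlc_send_bar: constructed sample text"),
    ("kernel", ""),
    ("kernel", "   "),
    ("kernel", "bcm_mcast_blog_process,783: blog allocation failure"),
    ("dropbear", "Password auth succeeded for 'admin'"),
]

def program(pattern, rec):
    """Model of program(): regex search on the program field (assumption)."""
    return re.search(pattern, rec[0]) is not None

def message(pattern, rec):
    """Model of message(): regex search on the message text (assumption)."""
    return re.search(pattern, rec[1]) is not None

def and_binds_tighter(rec):
    # Reading 1: hostapd OR wlc_send_bar OR (kernel AND blank)
    return (program("hostapd", rec)
            or message("wlc_send_bar", rec)
            or (program("kernel", rec) and message(r"^ *$", rec)))

def blank_required(rec):
    # Reading 2: (hostapd OR wlc_send_bar OR kernel) AND blank
    return ((program("hostapd", rec)
             or message("wlc_send_bar", rec)
             or program("kernel", rec))
            and message(r"^ *$", rec))

def discarded(filter_fn):
    """Indexes of SAMPLES that the filter would match, i.e. drop via flags(final)."""
    return [i for i, rec in enumerate(SAMPLES) if filter_fn(rec)]

if __name__ == "__main__":
    for name, fn in (("reading 1", and_binds_tighter), ("reading 2", blank_required)):
        print(name, "discards:")
        for i in discarded(fn):
            print("   ", SAMPLES[i])
```

Under reading 1 every hostapd record is dropped, association events included, so it is worth checking that this is intended before relying on the filter.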