Script to remove dcd crashes from system log

[cmkelley]

Finally got tired of seeing them; I have little faith Trend Micro or Asus will correct anytime soon. Add the following line to /jffs/scripts/post-mount

cru a dcd_crash "*/10 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log" #remove dcd crash lines from syslog

Replace /tmp/syslog.log with /opt/var/log/messages (or wherever you're redirecting syslog to) if you're using syslog-ng. Runs every 10 minutes, adjust to your liking.

File: /jffs/scripts/rm_dcd_crash (make sure you 'chmod +x rm_dcd_crash' after you create it)

#!/bin/sh
# remove dcd crash lines from system log

/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1

Thought: maybe should have just put the sed command in the cru line instead of calling a script? I dunno, works this way and I know where to look if I want to duplicate it for something else.

 

[Jack Yaz]

I use similar code to "chop" out cron entries where I have things that run every 5 minutes.

I prefer cron to a looping script, the latter would at least not be noisy though!

 

[elorimer]

If you are using syslog-ng, why wouldn't you do it in your .conf file instead? Set a filter for the messages to drop, and then use the final flag per the example given for dropping debug messages:

filter demo_debugfilter { level(debug); };
log { source(s_all); filter(demo_debugfilter); flags(final); };

I don't think I'm a fan of having these destructive sed commands running frequently when syslog might be writing to the file at the same time. Or maybe worse, if skynet is running its destructive sed at the top of the hour.

 

[cmkelley]

If you are using syslog-ng, why wouldn't you do it in your .conf file instead? Set a filter for the messages to drop, and then use the final flag per the example given for dropping debug messages:

filter demo_debugfilter { level(debug); };
log { source(s_all); filter(demo_debugfilter); flags(final); };

I don't think I'm a fan of having these destructive sed commands running frequently when syslog might be writing to the file at the same time. Or maybe worse, if skynet is running its destructive sed at the top of the hour.

Because so far I haven't found a readable guide to setting up syslog-ng. It's on the list of things to to do. Also note my solution doesn't require syslog-ng, so it's usable for people who aren't.

Also, that sed removes all 17 lines of the dcd crash in one fell swoop. Perhaps it's just as easy with a properly setup syslog-ng configuration? Some day I'll get to figuring it out.

 

[elorimer]

@cmkelley I quite follow your thinking. The administrator guide is over my head: https://www.syslog-ng.com/technical...open-source-edition/3.19/administration-guide

It would be something like:

filter drop_dcd {  message(dcd)  };
log { source(src); filter(drop_dcd);  flags(final);  };

Before the last log statement. And then it would be stripping out each dcd line as it arrived, instead of sed grabbing the file, processing it, and then rewriting it. I don't know what happens during that time if some other chron job wants to sed the same file or syslog-ng wants to write to it.

 

[visortgw]

Finally got tired of seeing them; I have little faith Trend Micro or Asus will correct anytime soon. Add the following line to /jffs/scripts/post-mount

cru a dcd_crash "*/10 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from syslog"

Replace /tmp/syslog.log with /opt/var/log/messages (or wherever you're redirecting syslog to) if you're using syslog-ng. Runs every 10 minutes, adjust to your liking.

File: /jffs/scripts/rm_dcd_crash (make sure you 'chmod +x rm_dcd_crash' after you create it)

#!/bin/sh
# remove dcd crash lines from system log

/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1

Thought: maybe should have just put the sed command in the cru line instead of calling a script? I dunno, works this way and I know where to look if I want to duplicate it for something else.

Just a thought, but to avoid possible conflict with the hourly (on the hour) Skynet cleanup, might the following be safer?

cru a dcd_crash "2,12,22,32,42,52 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from syslog"

 

[cmkelley]

Just a thought, but to avoid possible conflict with the hourly (on the hour) Skynet cleanup, might the following be safer?

cru a dcd_crash "2,12,22,32,42,52 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from syslog"

Maybe. I've been using it for a couple weeks with no ill effects, but that could be just dumb luck.

 

[Butterfly Bones]

Trying to get this working on my AC86U since the dcd crashes make a mess of the syslog when trying to keep on eye on IoT devices and keep them corralled.

Thanks for this, I get the dcd errors still in syslog and this error trying to run the script manually.

/jffs/scripts# ./rm_dcd_crash

sed: -i requires an argument

/tmp/home/root# cat /jffs/scripts/post-mount

#!/bin/sh
. /jffs/scripts/post-mount.div # Added by Diversion
swapon /tmp/mnt/SNB/myswap.swp # Swap file created by amtm
cru a dcd_crash "*/10 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from
syslog"

/tmp/home/root# cat /jffs/scripts/rm_dcd_crash

#!/bin/sh
# remove dcd crash lines from system log
/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1

-rwxrwxrwx    1 admin root            99 Feb  5 13:43 rm_dcd_crash

 

[Jack Yaz]

Trying to get this working on my AC86U since the dcd crashes make a mess of the syslog when trying to keep on eye on IoT devices and keep them corralled.

Thanks for this, I get the dcd errors still in syslog and this error trying to run the script manually.

/jffs/scripts# ./rm_dcd_crash

sed: -i requires an argument

/tmp/home/root# cat /jffs/scripts/post-mount

#!/bin/sh
. /jffs/scripts/post-mount.div # Added by Diversion
swapon /tmp/mnt/SNB/myswap.swp # Swap file created by amtm
cru a dcd_crash "*/10 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from
syslog"

/tmp/home/root# cat /jffs/scripts/rm_dcd_crash

#!/bin/sh
# remove dcd crash lines from system log
/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1

-rwxrwxrwx    1 admin root            99 Feb  5 13:43 rm_dcd_crash

Re. Manual, the error tells you exactly the issue

Note the cron command:

/jffs/scripts/rm_dcd_crash /tmp/syslog.log

 

[cmkelley]

Trying to get this working on my AC86U since the dcd crashes make a mess of the syslog when trying to keep on eye on IoT devices and keep them corralled.

Thanks for this, I get the dcd errors still in syslog and this error trying to run the script manually.

/jffs/scripts# ./rm_dcd_crash

sed: -i requires an argument

/tmp/home/root# cat /jffs/scripts/post-mount

#!/bin/sh
. /jffs/scripts/post-mount.div # Added by Diversion
swapon /tmp/mnt/SNB/myswap.swp # Swap file created by amtm
cru a dcd_crash "*/10 * * * * /jffs/scripts/rm_dcd_crash /tmp/syslog.log #remove dcd crash lines from
syslog"

/tmp/home/root# cat /jffs/scripts/rm_dcd_crash

#!/bin/sh
# remove dcd crash lines from system log
/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1

-rwxrwxrwx    1 admin root            99 Feb  5 13:43 rm_dcd_crash

You need to whole thing:

# /jffs/scripts/rm_dcd_crash /tmp/syslog.log

The script expects you to pass it the name of the file to scrub. If you're not running a replacement for syslog (which you would know if you were), the above will work. The cru entry correctly adds /tmp/syslog.log

 

[Butterfly Bones]

Ah, thanks. I've run Linux for years, just never got my head around scripting and passing arguments to scripts.

edit - whatever was causing the issues have been resolved. My syslog is clean now. I tried to get syslog-ng going some time ago, but it was a bear on my AC86U, but now it seems like those issues have been resolved so I will try again and then alter it to incorporate suggestions above.

 

[cmkelley]

Ah, thanks. I've run Linux for years, just never got my head around scripting and passing arguments to scripts.

edit - whatever was causing the issues have been resolved. My syslog is clean now. I tried to get syslog-ng going some time ago, but it was a bear on my AC86U, but now it seems like those issues have been resolved so I will try again and then alter it to incorporate suggestions above.

If I'm following you, your syslog is clean because you added the cru job. It runs every 10 minutes to sweep the syslog file.

 

[Butterfly Bones]

If I'm following you, your syslog is clean because you added the cru job. It runs every 10 minutes to sweep the syslog file.

Yes, exactly, thank you. For some reason it initially did not run after about 40 minutes time, but I just did a restart of post-mount after my above failure trying to run the rm_dcd_crash script. This time I rebooted the router to let it setup and run automatically and it is doing a great job of cleaning my syslog. :thumbup:

 

[TheOldMan]

You need to whole thing:

# /jffs/scripts/rm_dcd_crash /tmp/syslog.log

The script expects you to pass it the name of the file to scrub. If you're not running a replacement for syslog (which you would know if you were), the above will work. The cru entry correctly adds /tmp/syslog.log

I added:
/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1 /tmp/syslog.log in rm_dcd_crash, saved the file and it does not ask for arguments. Also no ugly dcd lines show in log.

 

[cmkelley]

I added:
/bin/sed -i '/kernel: dcd/,/kernel: x1 /d' $1 /tmp/syslog.log in rm_dcd_crash, saved the file and it does not ask for arguments. Also no ugly dcd lines show in log.

Right, if you call it locally without any arguments the $1 is null so it's not there. If you call it from cru set up the way I said, then it gets called as

/bin/sed -i '/kernel: dcd/,/kernel: x1 /d'/tmp/syslog.log /tmp/syslog.log

I don't know if there are any side effects of passing it the same filename twice. If it goes through the list in series, no problem. If it tries to go through all files in parallel, it may have an issue.

 

[Orillion]

have many have this error. from what i can see on my 86u is that i dont have them.

i´ve looked in System log > general log

is that the right place to see if i got the error

 

[cmkelley]

have many have this error. from what i can see on my 86u is that i dont have them.

i´ve looked in System log > general log

is that the right place to see if i got the error

Which firmware version are you using? If I recall correctly, it only shows up in recent firmware. And yes, the System Log is the correct place.

 

[Orillion]

iam on 384.8_2

iam waiting with the installing of 384.9 so merlin can iron out all bugs

 

[cmkelley]

iam on 384.8_2

iam waiting with the installing of 384.9 so merlin can iron out all bugs

Pretty sure it's just 384.9, although I recall a thread where someone was starting to see them on the version you're using.

Most of the "bugs" aren't merlin's to iron out. The alpha/beta cycle squashed the vast majority of stuff he can fix.

dcd crashes are very much Trend Micro's / ASUS' to iron out; dcd is in the closed source binary blobs, not the GPL code. Nothing merlin can do about those.

 

[dahyippur]

are dcd crashes only an issue for people that use the trend micro features/agreement? I've not had this problem pop up yet