본문 바로가기
리눅스

[리눅스] CentOS7에서 시스템 메시지 로그 필터링

변군이글루 2020. 12. 18. 13:10
반응형

CentOS7에서 시스템 메시지 로그 필터링

Environment

$ cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)

Issue

  • /var/log/messages
tail -f /var/log/messages
$ tail -f /var/log/messages
Dec 18 12:15:01 bvm-24 systemd: Started Session 6988 of user root.
Dec 18 12:20:01 bvm-24 systemd: Started Session 6989 of user root.
Dec 18 12:25:01 bvm-24 systemd: Started Session 6990 of user root.
Dec 18 12:25:40 bvm-24 systemd: Started Session 6991 of user root.
Dec 18 12:29:25 bvm-24 systemd: Started Session 6992 of user root.
Dec 18 12:30:01 bvm-24 systemd: Started Session 6993 of user root.
Dec 18 12:35:01 bvm-24 systemd: Started Session 6994 of user root.
Dec 18 12:39:01 bvm-24 systemd: Started Session 6995 of user root.
Dec 18 12:40:01 bvm-24 systemd: Started Session 6996 of user root.
Dec 18 12:45:02 bvm-24 systemd: Started Session 6997 of user root.
Dec 18 12:50:01 bvm-24 systemd: Started Session 6998 of user root.
Dec 18 12:55:01 bvm-24 systemd: Started Session 6999 of user root.

Resolution

ignore-systemd-session-slice.conf 파일 생성 후 rsyslog서비스 재기동

  • /etc/rsyslog.d/ignore-systemd-session-slice.conf 파일 생성
echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
  • /etc/rsyslog.d/ignore-systemd-session-slice.conf 확인
cat /etc/rsyslog.d/ignore-systemd-session-slice.conf
$ cat /etc/rsyslog.d/ignore-systemd-session-slice.conf
if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop
  • rsyslog 재기동
systemctl restart rsyslog.service

 

참고URL

https://access.redhat.com/solutions/1564823

 

728x90
반응형
저작자표시 비영리

'리눅스' 카테고리의 다른 글

[리눅스] ntpstat 명령어  (0) 2020.12.19
[명령어] which, whereis, locate 명령어  (0) 2020.12.18
[Apache] 웹서버에서 http를 https(SSL)로 리다이렉트하는 방법  (0) 2020.12.18
CentOS End of Lifetime (EOL) Dates  (0) 2020.12.16
HP 서버 스토리지 정보 확인(raid)  (0) 2020.12.16

'리눅스' Related Articles

티스토리툴바