I'm troubleshooting a problem of system hangs and want to know what's being logged just before the system freeze occurs. This effort is being hampered because my VPN provider (PIA) is logging gobs of information messages every minute. I'd like to have a lot less clutter on the shell window when things lock up.

I've tried adding something like various permutations of the following to rsyslog.conf

pia-daemon.info /dev/null
pia*.info /dev/null

I'd like to avoid creating additional conf files if possible. I do not want to suppress all info messages, just these. Ideas?

1 Answer

You can use the stop keyword action to end processing of a message. To match the message you need to know where the pia-daemon string appears in the input. It might be the tag, or it might be $programname. You can try

if $syslogtag=="pia-daemon:" then stop
if $programname=="pia-daemon" then stop

To find out you could list all the fields using a builtin template RSYSLOG_DebugFormat:

*.info /var/log/debug;RSYSLOG_DebugFormat

Or you can just look anywhere in the raw input:

if $rawmsg contains "pia-daemon" then stop

Make sure these filters appear early in the config file, before other filters.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy