如何从 logcheck 中抑制 rsyslogd HUPed 消息?

如何从 logcheck 中抑制 rsyslogd HUPed 消息?

得到这些...

Jan  7 06:25:01 debian liblogging-stdlog:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="551" x-info="http://www.rsyslog.com"] rsyslogd was HUPed

Debian 默认日志检查规则 /etc/logcheck/ignore.d.server/rsyslog

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$

尝试了自定义规则 /etc/logcheck/ignore.d.server/rsyslog-fix

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ liblogging-stdlog:  \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ liblogging-stdlog:  \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[[:digit:]]+" x-info="http:\/\/www\.rsyslog\.com"\] rsyslogd was HUPed$

任何想法??谢谢!

答案1

  1. 检查日志行末尾是否有空格或特殊字符(如 CR);尝试通过暂时关闭您的模式来包含它们.*$
  2. 检查/etc/logcheck/violations.d/etc/logcheck/cracking.d对于匹配模式,这些目录的优先级高于/etc/logcheck/ignore.d.

egrep -f /etc/logcheck/DIR/FILE是用于测试规则的好工具。

答案2

我只是将此行添加到 /etc/rsyslog.conf 并重新启动它:

if ($msg contains "rsyslogd was HUPed") then stop

对我来说足够好了。

相关内容