得到这些...
Jan 7 06:25:01 debian liblogging-stdlog: [origin software="rsyslogd" swVersion="8.24.0" x-pid="551" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Debian 默认日志检查规则 /etc/logcheck/ignore.d.server/rsyslog
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
尝试了自定义规则 /etc/logcheck/ignore.d.server/rsyslog-fix
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ liblogging-stdlog: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ liblogging-stdlog: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[[:digit:]]+" x-info="http:\/\/www\.rsyslog\.com"\] rsyslogd was HUPed$
任何想法??谢谢!
答案1
- 检查日志行末尾是否有空格或特殊字符(如 CR);尝试通过暂时关闭您的模式来包含它们
.*$
。 - 检查
/etc/logcheck/violations.d
和/etc/logcheck/cracking.d
对于匹配模式,这些目录的优先级高于/etc/logcheck/ignore.d
.
egrep -f /etc/logcheck/DIR/FILE
是用于测试规则的好工具。
答案2
我只是将此行添加到 /etc/rsyslog.conf 并重新启动它:
if ($msg contains "rsyslogd was HUPed") then stop
对我来说足够好了。