忽略syslog-ng中的特定级别的内核日志

时间:2018-11-15 12:45:40

标签: syslog-ng

我正在将所有日志(包括python程序)转储到一个特定文件中。来自内核的日志太多,因此我想忽略某个级别的日志。是否可以使用syslog-ng配置文件仅忽略noticewarning级内核。以下是我当前的syslog-ng配置文件

@version: 3.5
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
  owner("root"); group("adm"); perm(0640); stats_freq(0);
  bad_hostname("^gconfd$");
};

# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal();
         file("/proc/kmsg" program_override("kernel"));
};
template t_noHeader {
template("\"time\":\"$DATE\",\"level\":\"$LEVEL\",\"log\":[\"$PROGRAM\",\"$MSG\"],\n");
template_escape(no);
};

rewrite r_MSG{
    subst("\"", "", value("MESSAGE"), flags(global));
    subst("\'", "", value("MESSAGE"), flags(global));
    subst("\t", "", value("MESSAGE"), flags(global));
};

rewrite r_SetKernel{
    set("Knl", value(PROGRAM), condition(program("kernel")));
};

destination d_console_all { file("/dev/tty10"); };
destination d_xconsole { pipe("/dev/xconsole"); };
destination d_MyProg { 
file("/home/root/logs/Prog-${YEAR}${MONTH}${DAY}.log" template(t_noHeader) ); };

filter f_console { level(warn .. emerg); };
filter f_syslog3 { not facility(auth, authpriv, mail); };
filter f_ignoreProg { not match("avahi-daemon" value(PROGRAM)) and not 
match("neard" value(PROGRAM)) and not match("crond" value(PROGRAM)) and 
          not match("ofonod" value(PROGRAM)); };

log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_console); destination(d_console_all); destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };
log { source(s_src); rewrite(r_MSG); rewrite(r_SetKernel); 
filter(f_syslog3); filter(f_ignoreProg); destination(d_MyProg); };

0 个答案:

没有答案