<div dir="ltr">The RanierScript format may help with anything beyond the defaults with rsyslog: <a href="https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html">https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html</a><div><br></div><div>You could do something like:</div><div><div>ruleset( name="DealWithBuggyMachine" ){</div><div> if $fromhost-ip == "192.0.2.2" then {</div><div> if $msg contains "key test" then {</div><div> action( type="omfile" file="/var/log/keytext.log" )</div><div> stop</div><div> }</div><div> if $msg contains "text of warning" then {</div><div> stop</div><div> }</div><div> action( type="omfile" file="/var/log/otherfile.log" )</div><div> }</div><div>}</div><div><br></div><div>See also for sanity's sake: <a href="https://github.com/evertrue/logserver-cookbook/wiki/Supplemental-rsyslog-documentation">https://github.com/evertrue/logserver-cookbook/wiki/Supplemental-rsyslog-documentation</a></div><div>And <a href="https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html">https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html</a> with the "legacy" and "modern" comparisons...</div><div><br></div><div>Takes a minute to figure out Ranierscript, but well worth it.</div><div><br></div><div>-George</div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jul 22, 2018 at 1:04 PM, Alex Carver via Ale <span dir="ltr"><<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On one of my machines a known bug is emitting harmless warning messages<br>
that are getting sucked up into messages and kern.log. I just want to<br>
silence these warnings so I set up at the top of rsyslog's configuration<br>
(version 8.24.0):<br>
<br>
:msg, contains, "text of warning" stop<br>
<br>
This is before the kern.* that sends to kern.log and also before *.=warn<br>
which sends to messages.<br>
<br>
The result, though, is that the message is erased but a blank,<br>
timestamped entry is added to both files. So where I used to get:<br>
<br>
timestamp hostname kernel: [ticks] "text of warning here plus other<br>
information" <EOL><br>
<br>
I now just get in both messages and kern.log:<br>
timestamp hostname kernel: [ticks]<EOL><br>
<br>
I had expected the log entries to be gone completely. I have a similar<br>
line at the top of rsyslog.conf that looks for key text and diverts to a<br>
file:<br>
<br>
:msg, contains, "key text" -/var/log/keytext.log<br>
& stop<br>
<br>
This one works, I don't get any "key text" entries in kern.log or<br>
messages. I tried something similar using /dev/null but that still<br>
causes the same blank lines.<br>
<br>
I'm considering giving up and switching to syslog-ng on this system but<br>
I figured I'd ask and see if anyone had a thought. Searching everywhere<br>
online doesn't offer any suggestions about why I get blank lines after a<br>
stop.<br>
______________________________<wbr>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/<wbr>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/<wbr>listinfo</a><br>
</blockquote></div><br></div>