Ignoring useless Syslog messages

Three steps to knowing what's going on in Syslog in one easy daily email:

  1. Install syslog-summary (apt-get install syslog-summary).
  2. Set up your ignore file (see suggestions below).
  3. Update your /etc/logrotate.d/syslog-ng or similar rotation script to call syslog-summary and email you the results.

JEB's list of messages to ignore

The key item here is what you want to ignore.

Here's a reasonable list to get started: syslog.ignore

Other syslog-summary tips

  1. Always test any changes manually before leaving for the day!
  2. Kernel messages now have a timestamp on them (see above example).
  3. Some of the kernel messages we only want to ignore during boot time: the pattern match for up to 2 digits of uptime in the above example will ignore link change notices for the first 99 seconds (kernel: (\[\s+\d{1,2}\.\d+\] )?)
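
An added example (not part of the original page or of syslog-summary itself) for checking an ignore pattern by hand, as tip 1 advises: it runs the boot-window prefix from tip 3 over constructed kernel lines. The `eth0: link (up|down)` suffix, the host name and the sample lines are made up, and the matching is assumed to be a Python regex search on each line.

```python
import re

# Boot-window prefix quoted in tip 3 above.
BOOT_PREFIX = r"kernel: (\[\s+\d{1,2}\.\d+\] )?"

# Constructed message suffix (assumption); the real entries live in syslog.ignore.
LINK_PATTERN = re.compile(BOOT_PREFIX + r"eth0: link (up|down)")

# Constructed sample lines: host "web1" and interface "eth0" are made up.
SAMPLE_LINES = [
    "Mar  3 06:25:01 web1 kernel: [    5.812345] eth0: link up",    # 5 s uptime
    "Mar  3 06:26:35 web1 kernel: [   99.000001] eth0: link down",  # 99 s uptime
    "Mar  3 06:26:36 web1 kernel: [  100.000002] eth0: link up",    # 100 s uptime
    "Mar  3 09:51:46 web1 kernel: [12345.678901] eth0: link down",  # hours later
    "Mar  3 09:51:47 web1 kernel: eth0: link down",                 # no timestamp
]


def is_ignored(line, patterns=(LINK_PATTERN,)):
    """True if any ignore pattern is found in the line (assumed search semantics)."""
    return any(p.search(line) for p in patterns)


def split_lines(lines, patterns=(LINK_PATTERN,)):
    """Return (ignored, reported) so a pattern can be reviewed before it goes live."""
    ignored = [l for l in lines if is_ignored(l, patterns)]
    reported = [l for l in lines if not is_ignored(l, patterns)]
    return ignored, reported


if __name__ == "__main__":
    ignored, reported = split_lines(SAMPLE_LINES)
    print("IGNORED (would be dropped from the summary):")
    for line in ignored:
        print("  " + line)
    print("REPORTED (would still appear in the summary):")
    for line in reported:
        print("  " + line)
    # The timestamp group is optional, so a kernel line with no timestamp
    # matches at any uptime; check which form your hosts actually log.
```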