Ignoring useless Syslog messages
Three steps to knowing what's going on in Syslog in one easy daily email:
- Install syslog summary (`apt-get install syslog-summary`).
- Set up your ignore file (see suggestions below)
- Update your `/etc/logrotate.d/syslog-ng` or similar rotation script to call syslog summary and email you the results
JEB's list of messages to ignore
The key item here is what you want to ignore:
- Most kernel boot-time init messages (except ONE)
- Most daemon startup notices (except ONE)
- Most CRON notice messages
- Most status messages
Here's a reasonable list to get started: syslog.ignore
Other syslog-summary tips
- Always test any changes manually before leaving for the day!
- Kernel messages now have a timestamp on them (see above example).
- Some of the kernel messages we only want to ignore during boot time: the pattern match for up to 2 digits of uptime in the above example will ignore link change notices for the first 99 seconds (`kernel: (\[\s+\d{1,2}\.\d+\] )?`)
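To check the boot-time prefix before relying on it, the following added example (not part of the original page or of syslog-summary) applies it with Python's `re.search` to constructed log lines. The `eth0: link (up|down)` suffix, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Prefix quoted on the page: an optional kernel timestamp whose uptime has
# at most two digits of seconds, i.e. the first 99 seconds after boot.
BOOT_PREFIX = r"kernel: (\[\s+\d{1,2}\.\d+\] )?"

# Assumed message suffix for illustration; not taken from syslog.ignore.
LINK_NOTICE = r"eth0: link (up|down)"

IGNORE = re.compile(BOOT_PREFIX + LINK_NOTICE)

# Constructed sample lines, not real log output.
SAMPLES = [
    "Jan 10 08:00:07 host kernel: [    7.412345] eth0: link up",    # 7 s uptime
    "Jan 10 08:00:52 host kernel: [   52.000123] eth0: link down",  # 52 s uptime
    "Jan 10 08:02:10 host kernel: [  130.998877] eth0: link down",  # 130 s uptime
    "Jan 10 14:31:05 host kernel: [23465.100200] eth0: link up",    # hours later
    "Jan 10 08:00:09 host kernel: eth0: link up",                   # no timestamp
]


def is_ignored(line):
    """True if the ignore pattern matches anywhere in the line."""
    return IGNORE.search(line) is not None


def summarize(lines):
    """Return only the lines that would still reach the daily summary."""
    return [line for line in lines if not is_ignored(line)]


if __name__ == "__main__":
    for line in SAMPLES:
        print("IGNORED" if is_ignored(line) else "KEPT   ", line)
```

Because the timestamp group is optional, a kernel line with no timestamp at all is ignored at any uptime, so the boot-only behaviour depends on kernel timestamps being enabled.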