Exclude type of logs

[WillemDH]

Hello,

This is the rsyslog config create by NLS when adding a Linux server:

Code: Select all

### Begin forwarding rule for Nagios Log Server                           NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog # Where spool files will live             NAGIOSLOGSERVER
$ActionQueueFileName nlsFwdRule0 # Unique name prefix for spool files     NAGIOSLOGSERVER
$ActionQueueMaxDiskSpace 1g   # 1GB space limit (use as much as possible) NAGIOSLOGSERVER
$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown         NAGIOSLOGSERVER
$ActionQueueType LinkedList   # Use asynchronous processing               NAGIOSLOGSERVER
$ActionResumeRetryCount -1    # Infinite retries if host is down          NAGIOSLOGSERVER
# Remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional       NAGIOSLOGSERVER
*.* @@log01:10546                                               # NAGIOSLOGSERVER
### End of Nagios Log Server forwarding rule                              NAGIOSLOGSERVER

My problem is that /var/log/messages contains a type of messages I don't want to send to NLS, as it contains 6k messages / second... (influx stack)

How can I exclude all messages in /var/log/messages with the format:

Code: Select all

Dec  7 16:33:19 grafana influxd: [httpd] 10.23.17.50 - InWriter [07/Dec/2016:16:33:19 +0100] "POST /write?consistency=&db=db_telegraf_win_01&precision=ns&rp= HTTP/1.1" 204 0 "-" "telegraf" 7ae3b145-bcp2-11e6-9fe0-000000000000 19890

Tx

[mcapra]

Is it absolutely necessary to send the influx events to /var/log/messages? It would be much easier to have rsyslog separate those events into their own file.

You can do regex matches against all /var/log/messages events, but redirecting the influxd events to their own file would be much less work for the CPU.

[WillemDH]

I'll see if it's possible to configure a separate log for these influx posts.

[dwhitfield]

Please let us know if you need any additional help. We await your results!