
A monitoring service that executes every minute requires sudo. With this my logs are full of pam_unix entries, telling me that this service logged in with sudo.

Now that I have journald on this machine, I thought maybe I could filter those logs, so that journald simply ignores them (by regex matching/other parameters).

I don't want to filter the output (I could do that with journalctl); I don't want those entries to be stored.

Is this possible with journald?

sourcejedi
  • Nothing in the journald-related manpages indicates this is possible. You could tell journald to forward everything to rsyslog and get rsyslog to do the filtering, but I suppose this is not what you want. – muru Feb 14 '16 at 22:47
  • @muru I checked the rsyslog docs and it has a filtering concept, but for filtering to different files. I couldn't find anything in the rsyslog docs to indicate that it could be used for discarding the messages, but setting the file to /dev/null might work. – jordanm Feb 14 '16 at 22:48
  • @jordanm you don't have to send it to a file in rsyslog. There is a discard action: http://www.rsyslog.com/doc/master/configuration/actions.html?highlight=tilde#discard – muru Feb 14 '16 at 22:52
  • Thanks for your comments, but really? There is no way to do this with journald? I thought journald is so great, there must be an option for filtering logs when they come in. – Ethan Leroy Feb 15 '16 at 17:47
  • This SO question does not answer the journald filtering, but it does address the sudo / pam_unix messages: – thom_nic Apr 17 '18 at 14:14
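
The forward-to-rsyslog-and-discard approach suggested in the comments above, as an added configuration sketch that is not part of the original thread. The file names, the account name `monitor` and the exact match strings are assumptions; copy the strings from one of your own pam_unix log lines.

```conf
# --- /etc/systemd/journald.conf (fragment) ---------------------------------
[Journal]
# Hand every message to the local syslog daemon as well.
ForwardToSyslog=yes
# Forwarding alone does not stop journald from keeping its own copy.
# Storage=none drops ALL journal storage (forwarding still works), which
# leaves rsyslog as the only place logs are kept. Uncomment only if that
# is what you want:
#Storage=none

# --- /etc/rsyslog.d/10-drop-monitor-sudo.conf (hypothetical file name) ------
# This file must be read before the rules that write messages to files,
# otherwise the entry is already stored when "stop" is reached.
#
# "stop" is the RainerScript form of the discard action (legacy syntax: "~").
# The match is deliberately narrow: only sudo session-open lines that name
# the monitoring account are dropped, so every other sudo use stays in the
# audit trail.
if $programname == "sudo"
   and $msg contains "pam_unix(sudo:session): session opened"
   and $msg contains "by monitor(uid="      # assumed account name
then stop

# The matching "session closed for user root" line does not name the
# invoking account, so it cannot be narrowed the same way; dropping it
# would drop the close line of every sudo session to root.
```

Restart `systemd-journald` and `rsyslog` after editing, then confirm with a manual `sudo` run from another account that its session lines still reach the log files.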

0 Answers