ljm42 Posted February 25, 2019 Share Posted February 25, 2019 32 minutes ago, dlandon said: Ok. It seems I did have an issue like this. I changed the rule and we'll see how it works. fingers crossed 32 minutes ago, dlandon said: I'm extremely grateful for the syslog server capability and now with being able to filter a large number of extraneous messages from the router log yes! thank you very much @bonienl! Quote Link to comment
ljm42 Posted March 2, 2019 Share Posted March 2, 2019 I put together a little script that copies your custom *.conf files from the flash drive to /etc/rsyslog.d and then restarts rsyslogd. You can run it interactively to test new filters and add it to your go script to install them after rebooting. Thought I'd share if anyone is interested: https://gist.github.com/ljm42/f6d7d8f22d2965909f69c03df53529f6 Quote Link to comment
ljm42 Posted March 7, 2019 Share Posted March 7, 2019 On 2/25/2019 at 5:54 AM, bonienl said: The current implementation ensures the user selects a folder which does already exist. This is mandatory for the service to work. I keep thinking about this. I can't think of a reason why anybody would want a bunch of log files at the root of any share, unless they create the share specifically for this purpose. Would it make sense to automatically create and use a "logs" directory under whatever share the user chooses? That feels more organized out of the box. Quote Link to comment
tallguydirk Posted July 20, 2020 Share Posted July 20, 2020 Does this method of log filtering still work? I am not having any luck filtering out a message after closely following the instructions in this thread and others. message I want to filter out: Jul 19 16:19:32 TowerMediaServ kernel: 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85. I have tried every possible combination of filter syntax that I can think of and applied them to /etc/rsyslog.d/01-blocklist.conf and also in /etc/rsyslog.d/02-blocklist-extra.conf: :msg,contains,"Error: Nothing to do" stop :msg,contains,"user \"logout\" was not found in \"/etc/nginx/htpasswd\", client" stop :msg,contains,"ERROR: (0x03:0x0101)" stop :msg,contains," ERROR: (0x03:0x0101)" stop :msg,contains," 3w-9xxx: scsi1: ERROR: (0x03:0x0101)" stop :msg,contains," 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop :msg,contains," (0x03:0x0101)" stop :msg,contains," (0x03:0x0101):" stop :msg,contains," (0x03:0x0101): " stop :msg,contains,"opcode=0x85" stop :msg,contains,"opcode=0x85." stop :msg,contains,"opcode:opcode=0x85." stop :msg,isequal," 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop :msg,isequal," scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop :msg,isequal," ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop :msg,isequal," (0x03:0x0101): Invalid command opcode:opcode=0x85." stop :msg,isequal," Invalid command opcode:opcode=0x85." stop :msg,isequal,"opcode=0x85." stop :msg,isequal," (0x03:0x0101)" stop :msg,isequal," (0x03:0x0101):" stop :msg,isequal," (0x03:0x0101): " stop :msg,isequal," Invalid command opcode" stop After any changes to the 01-blocklist.conf or 02-blocklist-extra.conf I've restarted rsyslog.d with this command: /etc/rc.d/rc.rsyslogd restart I've also tried rebooting after tweaking the blocklist files...but the message still persists...Do I have the filter syntax wrong? Or has there been some sort of change recently that could explain why this isn't working for me? Quote Link to comment
tallguydirk Posted July 23, 2020 Share Posted July 23, 2020 Anyone have any thoughts? Would really appreciate some assistance with this because it's been plaguing me for years. The root cause of the error has no apparent impact on performance but it is so prevalent in the syslog that it's obfuscating all the important information. If I can get it automatically filtered out of the syslog that would be extremely helpful!! Quote Link to comment
testdasi Posted July 23, 2020 Share Posted July 23, 2020 47 minutes ago, tallguydirk said: Anyone have any thoughts? Would really appreciate some assistance with this because it's been plaguing me for years. The root cause of the error has no apparent impact on performance but it is so prevalent in the syslog that it's obfuscating all the important information. If I can get it automatically filtered out of the syslog that would be extremely helpful!! You might be better off with a separate topic with more specific details. Your query is quite a bit different from the topic title. Quote Link to comment
sjoerd Posted May 24, 2021 Share Posted May 24, 2021 Hello, I got unraid's syslog server running and got some questions: I created a new share named "syslog" - nothing fancy, but the logfile that appears hase this sign: root@Tower:/mnt/user/syslog# ls syslog-10.34.51.69.log i rather have a hostname instead of the ip, since ip address could change since, you know, dhcp. Yes, this particular ip is from my workstation but that workstation also got virtualbox running with at least 2 vm's active... I want to set those vm's up to send there logs also to unraid - Checking configuration or denied errors on all those machines driving me nuts - so yeah syslog 🙂 * Sooo how can I tell unraid to create syslog-$hostname.log and * How can I see the logs realtime on eg tower.local/logging.htm ? Regards, Sjoerd Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.