Languages and Scripting
Showing results for 
Search instead for 
Do you mean 

Remove specific error messages from syslog.log

Highlighted
Frequent Advisor

Remove specific error messages from syslog.log

Hi. I trying to find a way to reduce the size of syslog.log by removing certain error messages in the log.

Will it be possible to do this by writing a script which will search for the messages and then cut those messages from syslog.log?

Thanks in advance.
5 REPLIES
Honored Contributor Honored Contributor

Re: Remove specific error messages from syslog.log

Cutting out specific lines will require a program. Scripting can use tools like awk, sed and grep ot filter important messages. However, it is too complex to strip lines from an active file like syslog.log. Instead, you can filter syslog into a smaller file and refer to that file for the interesting messages. AS for syslog's size, every Unix system must have a syslog managament tool. It will grow without bounds so it must be checked weekly and when it gets to be dozens of MB in size, copy it, zero the syslog file,
then compress the copy.

Here is a quick method to filter intersting messages:

grep -ie fail -e crit -e error -e disable -e lock /var/adm/syslog/syslog.log

Another method to analyze syslog is to look for repeating messages. This will count the number of times the same message is recorded in syslog:

MYHOST=$(hostname)
cat /var/adm/syslog/syslog.log \
| sed -e "s/^.*$MYHOST//" -e 's/\[[0-9]*\]//' \
| grep -v "above message repeats" \
| sort \
| uniq -c \
| sort -rn

The above script will point out messages that occur over and over.
Acclaimed Contributor Acclaimed Contributor

Re: Remove specific error messages from syslog.log

Hi Ryan:

Another way you might want to reduce the size of your 'syslog.log' is to _not_ record too much information in the first place. Perhaps that is one issue you have. For instance, you may be retaining part of the previous log with 'PREV_OLDSYSLOG_LINES' or you may have debugging log levels set when you no longer need them.

You can also configure your logging to keep a message class in a separate file other than 'syslog'.

Have a look at the 'syslogd(1M)' manpages for specific details and examples.

http://www.docs.hp.com/en/B2355-60130/syslogd.1M.html

Regards!

...JRF...
Frequent Advisor

Re: Remove specific error messages from syslog.log

Thanks to all for your advice.

Currently there is a error msg that keep appearing in syslog.log. This error msg is harmless and can be disregard.

If removing this error message from syslog.log is too complex, is there anyway we can filter the error coming in, such as telling the server that it can disregard this particular error msg?
Acclaimed Contributor Acclaimed Contributor

Re: Remove specific error messages from syslog.log

Hi Ryan:

If the message is "harmless" but "annoying" you can modify your '/etc/rc.config.d/syslogd' to enable the facility and priority logging with the message. Then, you may be able to explictly reconfigure '/etc/syslog.conf' to ignore the message.

Regards!

...JRF...
Honored Contributor Honored Contributor

Re: Remove specific error messages from syslog.log

What is the error message you are getting ?
"Light travels faster than sound. That's why some people appear bright until you hear them speak."