I must admit to being a complete syslog newbie. I haven't touched it until now, but I use its output on a daily basis, like most of us :)

I currently have a problem with the gmetad daemon spamming my /var/log/messages file with messages like the following:

Sep 1 10:09:49 monitor /usr/sbin/gmetad[31752]: RRD_update (/var/lib/ganglia/rrds/Machines/SummaryInfo/example.rrd): illegal attempt to update using time 1314868188 when last update time is 1314868188 (minimum one second step).

I'm not too worried about the error; what I want to do is redirect these particular messages to another log file (e.g. /var/log/gmetad.log). The problem is that there doesn't seem to be any way to direct gmetad's logs to a certain place in its config (and documentation for this particular piece of software seems quite sparse). So I was wondering if it was possible to use the "local" facility in syslog to grab these messages and stick them somewhere else to leave /var/log/messages a bit cleaner.

Can anyone help? Does anyone have any examples for the "local" facilities?

ticktockhouse

1 Answer

Which syslog daemon do you have? syslogd? syslog-ng? rsyslog? The syntax is different for each daemon.

For example, in rsyslog you could do something like

local5.*   /var/log/gmetad.log

(you must find the application's facility)

Otherwise you could do something like

if $msg contains 'gmetad' then /var/log/gmetad.log

Nikolaidis Fotis
  • I'm using syslogd on CentOS. Further to your comment, how do I find the application's facility? That second line of code, does that go in the syslog.conf? – ticktockhouse Sep 01 '11 at 10:50
  • It would work if you use rsyslog. For syslogd the syntax is different. Unfortunately I am not familiar with syslogd syntax. I would suggest using another daemon (syslog-ng or rsyslog) because syslogd is quite obsolete. – Nikolaidis Fotis Sep 01 '11 at 11:25
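
An rsyslog configuration fragment combining the points raised in this thread, added here as an example and not part of the original answer or comments: it shows how to see which facility a program logs to, how to route the gmetad lines to their own file, and how to keep them out of /var/log/messages. It matches on the syslog tag because, in the log line quoted in the question, "gmetad" appears in the tag (/usr/sbin/gmetad[31752]:) rather than in the message text. The template name FacilityDebug and the file /var/log/facility-debug.log are assumptions chosen for illustration.

```conf
# /etc/rsyslog.conf fragment (constructed example, not from the original thread).
# Place these rules ABOVE the existing rule that writes to /var/log/messages:
# rsyslog evaluates rules from top to bottom.

# 1) Temporary aid for finding an application's facility: write every message
#    prefixed with its facility.severity. Remove this once the facility is known.
$template FacilityDebug,"%timegenerated% %HOSTNAME% %syslogfacility-text%.%syslogseverity-text% %syslogtag%%msg%\n"
*.*    /var/log/facility-debug.log;FacilityDebug

# 2) Route gmetad's messages by tag to their own file.
if $syslogtag contains 'gmetad' then /var/log/gmetad.log

# 3) Discard what the previous filter matched, so it never reaches
#    /var/log/messages. "& ~" is the legacy form; newer rsyslog uses "& stop".
& ~
```

Restart rsyslog after editing the file, and make sure log rotation covers /var/log/gmetad.log so the redirected messages do not grow unbounded.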