We have a certain process related to Azure that is running that is constantly writing out the following to our logs:
Aug 18 06:54:28 log-ids-vm rsyslogd-3000: omazuremds error at connect(). errno=No such file or directory
How can we stop a certain process from writing to the messages log? Or, if we're using something like Ossec for log retrieval, how can we filter it out?
How can we stop a certain process from writing to the messages log?
By configuring that logging options of that process, i.e. make it log to file instead of to STDOUT or syslog or configure the log level to be less verbose/silent.
Alternatively since you appear to be using rsyslog:
Rsyslogd supports filter conditions, one of which, the ~ is to silently discard messages that match a specific pattern:
Using negation can be useful if you would like to do some generic processing but exclude some specific events. You can use the discard action in conjunction with that. A sample would be:
*.* /var/log/allmsgs-including-informational.log :msg, contains, "informational" ~ *.* /var/log/allmsgs-but-informational.logDo not overlook the tilde ~in line 2! In this sample, all messages are written to the file
allmsgs-including-informational.log.
Then, all messages containing the string “informational” are discarded. That means the config file lines below the “discard line” (number 2 in our sample) will not be applied to this message. Then, all remaining lines will also be written to the fileallmsgs-but-informational.log.
