How to disable syslog messaging to /var/log/syslog
Probably all you need is to comment out the following (or similar) line in your /etc/rsyslog.conf:
    syslog.* /var/log/syslog
Or reduce it to some more limiting level, like warn or err:
    syslog.err /var/log/syslog
For a complete list of priority keywords, consult 'man rsyslog.conf'.
John Blackberry
Updated on September 18, 2022
Comments
-
John Blackberry over 1 year
I'm working on a centralized logging solution using the ELK stack and Kafka.
I'm running Ubuntu Xenial on all the machines, and I'm using Rsyslog with omkafka to write all log messages to a kafka topic. The pipeline is:
+-----------+        +-----------+        +--------------+          +-------------------+
|           |        |           |        |              |          |                   |
|  Rsyslog  +------> |   Kafka   +------> |   Logstash   +--------> |   Elasticsearch   |
| (omkafka) |        |           |        |              |          |                   |
+-----------+        +-----------+        +--------------+          +-------------------+
Since I now have this solution in place I've turned the verbosity up on most logging to have the biggest amount of info available.
This, however, has exposed a big pain point: /var/log/syslog is growing at a rate where the daily logrotate will not work; the disks fill in ~4 hours. Since I don't exactly need the file contents, I was thinking about disabling logging to that file altogether. I've been searching through the Rsyslog docs and can't find any info on this.
How do I disable file logging in this case?
The other alternative, that I wanted to avoid, is to turn the logrotate frequency up to hourly.
Thanks
-
John Blackberry over 6 years
I'm going to try that out then. For reference the file under Xenial is /etc/rsyslog.d/50-default.conf
-
John Blackberry over 6 years
Tested, works :)
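
The change described in the answer, applied to a copy of the Xenial file named in the comment, as an added example that is not part of the original thread. The function names and the sample rules are constructed; the sample assumes the file holds rules of the usual `selector action` form, including the variant with a leading `-` before the file name.

```shell
#!/bin/sh
# Added example; function names and the sample rules are constructed.

# Active (uncommented) rule whose action is the file /var/log/syslog, with or
# without the leading "-" that disables syncing after every write.
RULE_RE='^([[:space:]]*[^#[:space:]][^[:space:]]*[[:space:]]+-?/var/log/syslog[[:space:]]*)$'

# Number of active rules in file $1 that still write to /var/log/syslog.
count_syslog_file_rules() {
    grep -cE "$RULE_RE" "$1" || true
}

# Comment those rules out in file $1, keeping the original as $1.bak.
# Rules for other files (auth.log, kern.log) and the omkafka action are
# not matched, so local auth logging and forwarding keep working.
disable_syslog_file() {
    cp -p "$1" "$1.bak" || return 1
    sed -E "s|$RULE_RE|#\\1|" "$1.bak" > "$1"
}

# Constructed sample in the style of a default rsyslog rules file.
write_sample_conf() {
    cat > "$1" <<'EOF'
auth,authpriv.*             /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
syslog.*                    /var/log/syslog
kern.*                      -/var/log/kern.log
EOF
}

# Demo on a temporary copy, never on the live configuration.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/50-default.conf"
disable_syslog_file "$demo_dir/50-default.conf"
cat "$demo_dir/50-default.conf"
rm -rf "$demo_dir"

# On a real host, after editing /etc/rsyslog.d/50-default.conf as root,
# validate the configuration before restarting the daemon:
#   rsyslogd -N1 && systemctl restart rsyslog
```

Running the function a second time changes nothing, because lines that already start with `#` are not matched.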