MonitorWare Knowledge Base

hi Rainer,


I have centralised rsyslog server for my datacenter and collecting huge amount of data. And for avalibility status i m using Nagios. I have noticed that i m getting lot of data related to nrpe (nagios addon ) logs which is as below:


xinetd[15155]: START: nrpe pid=24858 from=10.10.10.78
xinetd[15155]: START: nrpe pid=24863 from=10.10.10.78
xinetd[15155]: START: nrpe pid=24864 from=10.10.10.78
xinetd[15155]: EXIT: nrpe status=0 pid=24858 duration=0(sec)
xinetd[15155]: START: nrpe pid=24868 from=10.10.10.78
xinetd[15155]: EXIT: nrpe status=0 pid=24864 duration=0(sec)
xinetd[15155]: EXIT: nrpe status=0 pid=24863 duration=0(sec)
xinetd[15155]: EXIT: nrpe status=0 pid=24868 duration=1(sec)

and these logs are occupying lot of space on syslog server. is there any trick to redirect these logs or block this logs ?? these logs are comes under deamon-info categary.

I know this question is not really related to your project. but if you know any trick for this setting then pls let me know.
It will be very helpful for me and i can save some space on server.

Thanks,
Karen

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Hi,
You just use filters based on the priority,facility and property so that you can have only particular type of messages to the server.

If you use *.* any where then one copy of the data will be stored in that particular path.
that *.* mean Priority.facility which says that messages of all priority and facility should be transferred to the location mentioned there.

Regards,
Prakash.

Hi Prakash,

Thanks for reply.

well previously i was using *.* .But now i have changed it and put the selected facility. xinted + nrpe logs comes under *.info so i avoid to put that in rsyslog.conf and i got the desired output but it will stop other deamon's info logs also ..and i dont want that ..i only want to stop xinetd+nrpe logs.

Any trick ?

Regards,
Karen

Hi Karen,

you can look at the message text itself. Do this at the top of the config file and then discard those messages that you don't want. Then, do the real actions. It is along these lines (but check the syntax, I am doing this out of my head...):

if $msg contains 'nrpe' ~

HTH
Rainer

Hi,
Did you try what Rainer said. You can also use that.

Prakash.

hi,

sorry for late reply. i was busy with other stuff.

Hey rainer i am sorry but i didnt get that.

Do you want me to delete all messages which contain npre?

karen wrote:Do you want me to delete all messages which contain npre?

I thought you did not want the messages that contain npre. The config file snippet I showed discards them and so they are not written to any file. If I misunderstood you, please let me know what you are really trying to achieve

Rainer