therbur
2016-Jul-19 00:35 UTC
[CentOS] CentOS 7: System log has repeated lines: Started session 123 of user root.
The system log (/var/log/messages) of a CentOS 7.2 system has frequently-repeated message line pairs like: Jul 18 14:00:01 localhost systemd: Started Session 307 of user root. Jul 18 14:00:01 localhost systemd: Starting Session 307 of user root. where the session number increases each time. Looking around on this, e.g. Red Hat Bugzilla bug 727315, it looks like it's when crond starts a task; it looks like it might be fixed - I would think that would be in CentOS but don't know how to find/compare the Fedora and CentOS systemd versions to know for sure. I found a post on a workaround - in /etc/systemd/system.conf to change the line: #LogLevel=info to: LogLevel=notice I did that and rebooted, and it has stopped the messages. I'm worried though that this may have knocked out something of actual interest from the syslog. So my question is, is there a better way? A way that info messages could go to some other log, or better yet, a way that those particular "session" messages, and only those, could go to some other log or be filtered out?
therbur
2016-Aug-04 05:24 UTC
[CentOS] CentOS 7: System log has repeated lines: Started session 123 of user root.
therbur <fxb7-ox9n at dea.spamcon.org> wrote:>The system log (/var/log/messages) of a CentOS 7.2 system has >frequently-repeated message line pairs like: > >Jul 18 14:00:01 localhost systemd: Started Session 307 of user root. >Jul 18 14:00:01 localhost systemd: Starting Session 307 of user root. > >where the session number increases each time. > >Looking around on this, e.g. Red Hat Bugzilla bug 727315, it looks like >it's when crond starts a task; it looks like it might be fixed - I would >think that would be in CentOS but don't know how to find/compare the >Fedora and CentOS systemd versions to know for sure. > >I found a post on a workaround - in /etc/systemd/system.conf to change the >line: > >#LogLevel=info > >to: > >LogLevel=notice > >I did that and rebooted, and it has stopped the messages. > >I'm worried though that this may have knocked out something of actual >interest from the syslog. > >So my question is, is there a better way? A way that info messages could >go to some other log, or better yet, a way that those particular "session" >messages, and only those, could go to some other log or be filtered out?No replies - any tips/ideas on where to look next?
therbur
2016-Aug-11 17:21 UTC
[CentOS] CentOS 7: System log has repeated lines: Started session 123 of user root.
therbur <fxb7-ox9n at dea.spamcon.org> wrote:>therbur <fxb7-ox9n at dea.spamcon.org> wrote: > >>The system log (/var/log/messages) of a CentOS 7.2 system has >>frequently-repeated message line pairs like: >> >>Jul 18 14:00:01 localhost systemd: Started Session 307 of user root. >>Jul 18 14:00:01 localhost systemd: Starting Session 307 of user root. >> >>where the session number increases each time. >> >>Looking around on this, e.g. Red Hat Bugzilla bug 727315, it looks like >>it's when crond starts a task; it looks like it might be fixed - I would >>think that would be in CentOS but don't know how to find/compare the >>Fedora and CentOS systemd versions to know for sure. >> >>I found a post on a workaround - in /etc/systemd/system.conf to change the >>line: >> >>#LogLevel=info >> >>to: >> >>LogLevel=notice >> >>I did that and rebooted, and it has stopped the messages. >> >>I'm worried though that this may have knocked out something of actual >>interest from the syslog. >> >>So my question is, is there a better way? A way that info messages could >>go to some other log, or better yet, a way that those particular "session" >>messages, and only those, could go to some other log or be filtered out? > >No replies - any tips/ideas on where to look next?I dug into this further. I backed out the change above, and instead added filter files in /etc/rsyslog.d to knock out those root session lines, and related ones, and other ones, so that the syslog is no longer filled up with the useless junk noise. First .conf filter file content: if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-") then stop Second one: if ($programname == "dbus" or $programname == "dbus-daemon") and (($msg contains "Activating service name=" or $msg contains "Successfully activated service ") and $msg contains "org.freedesktop.problems") then stop