I'm troubleshooting a problem of system hangs and want to know what's being logged just before the system freeze occurs. This effort is being hampered because my VPN provider (PIA) is logging gobs of information messages every minute. I'd like to have a lot less clutter on the shell window when things lock up.
I've tried adding something like various permutations of the following to rsyslog.conf
pia-daemon.info /dev/null
pia*.info /dev/null
I'd like to avoid creating additional conf files if possible. I do not want to suppress all info messages, just these. Ideas?
You can use the
stopkeyword action to end processing of a message. To match the message you need to know where thepia-daemonstring appears in the input. It might be the tag, or it might be$programname. You can tryTo find out you could list all the fields using a builtin template
RSYSLOG_DebugFormat:Or you can just look anywhere in the raw input:
Make sure these filters appear early in the config file, before other filters.