How to disable dhclient log and rsyncd.log in /var/log/messages on LINUX

Last Updated on Friday, 16 October 2020 17:04 Written by BiRU Friday, 16 October 2020 17:04

Print

 

On Amazon EC2 instances, DHCP client logs are filled with /var/log/messages because EC2 uses DHCP service for getting their IP addresses and by default DHCP client activities are logged in /var/log/messages. I can't track other system activities than DHCP client log, then I disabled the dhcp client logs.


How to disable DHCP Client log

 

I tested this solution but the result is that no more system activities are logged in /var/log/messages.
So don't use this solution.


1,  Edit /etc/rsyslog.conf
2,  add ';dhclient.none' in the following line and save it.

Before
*.info;mail.none;authpriv.none;cron.none          /var/log/messages

After
*.info;mail.none;authpriv.none;cron.none;dhclient.none          /var/log/messages

3, restart rsyslog
# service rsyslog restart

Notes: I asked the AWS tech support about this, then they also don't know the solution. Their  workaround is to grep /var/log/messages to remove dhclient lines and redirect another text file.
#grep -v dhclient /var/log/messages > /var/log/messages-nodhclient.log

The syslog facility of dhclient is hard coded in the source to "LOG_DAEMON". You can change the setting with "LOG_DAEMON" not to log in /var/log/messages but you'll miss any other "LOG_DAEMON" activities in /var/log/messages. So it's hard to remove only dhclient logs in the /var/log/messages.


How to move rsync logs to xinetd.log

1, Edit /etc/xinetd.conf like following and save it.
Before

log_type        = SYSLOG daemon info


After

#       log_type        = SYSLOG daemon info
log_type        = FILE /var/log/xinetd.log


2, Reload xinetd service
#service xinetd reload

3, Add log rotation for xinetd.log
Create log rotate setting for xinetd.log like following
# vi /etc/logrotate.d/xinetd
#=====

/var/log/xinetd.log {
rotate 10
daily
compress
delaycompress
missingok
postrotate
/bin/kill -HUP `cat /var/run/xinetd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

#=====

4, force log rotate by the following command
#logrotate -f /etc/logrotate.conf