본문 바로가기

리눅스

[리눅스] message에 출력되는 Created slice, Starting Session 로그 제거

728x90

message 로그에 출력되는 Created slice, Starting Session 로그 제거

테스트 환경

$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

message 로그

$ tail -f /var/log/messages
Aug 19 13:30:01 bvm-web12 systemd: Started Session 395 of user root.
Aug 19 13:30:01 bvm-web12 systemd: Starting Session 395 of user root.
Aug 19 13:30:01 bvm-web12 systemd: Started Session 396 of user root.
Aug 19 13:30:01 bvm-web12 systemd: Starting Session 396 of user root.
Aug 19 13:30:01 bvm-web12 systemd: Started Session 397 of user root.
Aug 19 13:30:01 bvm-web12 systemd: Starting Session 397 of user root.
Aug 19 13:30:02 bvm-web12 systemd: Removed slice User Slice of root.
Aug 19 13:30:02 bvm-web12 systemd: Stopping User Slice of root.
Aug 19 13:31:01 bvm-web12 systemd: Created slice User Slice of root.
Aug 19 13:31:01 bvm-web12 systemd: Starting User Slice of root.
Aug 19 13:31:01 bvm-web12 systemd: Started Session 399 of user root.
Aug 19 13:31:01 bvm-web12 systemd: Starting Session 399 of user root.
Aug 19 13:31:01 bvm-web12 systemd: Started Session 398 of user root.
Aug 19 13:31:01 bvm-web12 systemd: Starting Session 398 of user root.
Aug 19 13:31:01 bvm-web12 systemd: Removed slice User Slice of root.
Aug 19 13:31:01 bvm-web12 systemd: Stopping User Slice of root.
Aug 19 13:32:01 bvm-web12 systemd: Created slice User Slice of root.
Aug 19 13:32:01 bvm-web12 systemd: Starting User Slice of root.
Aug 19 13:32:01 bvm-web12 systemd: Started Session 400 of user root.
Aug 19 13:32:01 bvm-web12 systemd: Starting Session 400 of user root.
Aug 19 13:32:01 bvm-web12 systemd: Started Session 401 of user root.

rsyslog를 사용하여 삭제 필터 생성

echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf

rsyslog 재기동

$ systemctl restart rsyslog

 

https://access.redhat.com/solutions/1564823

728x90