On Sun, 29 Jul 2018, AC wrote:
They are the same message. Look at the kernel time stamp of the second
dwc_otg debug message (684022.125383) and the timestamp of the blank
message (also 684022.125383).
that doesn't mean they are the same message. output all logs using the
RSYSLOG_DebugFormat and I'll bet that you see theone you are surpressing
followed by another message that just has a single space or something like
that.
I can also turn on and off my rule to remove dwc_otg messages and I
either get blank lines or the full dwc_otg message. As I mentioned
before, I can do this reliably so I know a blank line is being inserted
into the /var/log/messages and /var/log/kern.log files anytime the stop
rule is enabled. If the stop rule is disabled then both of those files
receive the dwc_otg message.
I'll bet they also get the 'blank' message in that case.
When you tell rsyslog to stop processing a log, it does just that, it stops
processing the log, it doesn't then continue to process a blank message.
David Lang
On 2018-07-29 16:04, David Lang wrote:
how are the empty messages you are complainign about related to the
dws_otg messages you are showing us the debug log for? they are
different messages, you would need a different filter to block them.
David Lang
On Sun, 29 Jul 2018, AC wrote:
Date: Sun, 29 Jul 2018 09:53:16 -0700
From: AC <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: Re: [rsyslog] Timestamp only entry after using stop to
suppress log
entries
On 2018-07-29 00:43, David Lang wrote:
the output in RSYSLOG_DebugFormat of the messages you are interested in
suppressing would be very useful
Ok, I wrote the following rule at the very top of the file prior to my
stop rules:
:msg, contains, "dwc_otg" /var/log/rsyslogdebug.log
I then triggered the warning and this is the result:
Debug line with all properties:
FROMHOST: 'mail', fromhost-ip: '127.0.0.1', HOSTNAME: 'mail', PRI: 4,
syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel', PROCID:
'-', MSGID: '-',
TIMESTAMP: 'Jul 29 09:45:07', STRUCTURED-DATA: '-',
msg: '[684022.122922] WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode
Mismatch Interrupt: currently in Host mode'
escaped msg: '[684022.122922]
WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode Mismatch Interrupt:
currently in Host mode'
inputname: imklog rawmsg: '[684022.122922]
WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode Mismatch Interrupt:
currently in Host mode'
$!:
$.:
$/:
Debug line with all properties:
FROMHOST: 'mail', fromhost-ip: '127.0.0.1', HOSTNAME: 'mail', PRI: 4,
syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel', PROCID:
'-', MSGID: '-',
TIMESTAMP: 'Jul 29 09:45:07', STRUCTURED-DATA: '-',
msg: '[684022.125383] WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode
Mismatch Interrupt: currently in Host mode'
escaped msg: '[684022.125383]
WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode Mismatch Interrupt:
currently in Host mode'
inputname: imklog rawmsg: '[684022.125383]
WARN::dwc_otg_handle_mode_mismatch_intr:68: Mode Mismatch Interrupt:
currently in Host mode'
$!:
$.:
$/:
I had left the stop rules in place after the debug rule and the empty
messages showed up in /var/log/kern.log and /var/log/messages:
/var/log/kern.log:
2018-07-29T09:45:07.010780-07:00 mail kernel: [684022.125383]
(there is a trailing single space)
And also in /var/log/messages:
2018-07-29T09:45:07.010780-07:00 mail kernel: [684022.125383]
(there is a trailing single space)
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
