Page 1 of 2
Disable logging to /var/log/messages
Posted: Sun Aug 09, 2009 9:43 am
by lukelukeluke
Hi
Does anyone know how I can disable logging of zoneminder stuff to
/var/log/messages? I want logging in separate files instead, this also works, I get all these zm* files in /tmp. But I would like to disable logging to the messages file as I get 100's of entries like these:
Code: Select all
Aug 6 11:57:06 AMD2400 zma_m1[8834]: INF [Pinnacle: 38626000 - Processing at 24.39 fps]
Aug 6 11:57:47 AMD2400 zmc_dvideo0[8830]: INF [Pinnacle: 38627000 - Capturing at 24.39 fps]
And I can't see system problems anymore.
Didnt see the option in ZM web panel...
Posted: Sun Aug 09, 2009 10:18 am
by 50cc
Good one, would like to do the same.
Posted: Sun Aug 09, 2009 12:49 pm
by mitch
Well one option is just to use your syslog daemon to filter them out, for syslog-ng an example would be:
filter f_zm { match("^zm.*"); };
destination zm { file("/var/log/zm.log"); };
log { source(src); filter(f_zm); destination(zm); };
Posted: Mon Aug 10, 2009 11:25 am
by 50cc
mitch wrote:Well one option is just to use your syslog daemon to filter them out, for syslog-ng an example would be:
filter f_zm { match("^zm.*"); };
destination zm { file("/var/log/zm.log"); };
log { source(src); filter(f_zm); destination(zm); };
I added that to my /etc/syslog file, and did /etc/init.d/syslog restart, but nothing changed...
Posted: Mon Aug 10, 2009 2:58 pm
by lukelukeluke
Doesn't work for me either.
mitch: How exactly has this to be done?
Thanks
Posted: Mon Aug 10, 2009 3:17 pm
by mitch
As I mentioned my specific example was for the syslog daemon syslog-ng, its config file is generally /etc/syslog-ng/syslog-ng.conf so you most likely have a different syslogger. You would have to look at the man page for the specific format for yours.
Posted: Mon Aug 10, 2009 4:50 pm
by lukelukeluke
I found the right config file and ow-surprise it worked.
Do you know if this also filters other information out or only zoneminder info? Nothing from other programs what contains "zm"?
Posted: Mon Aug 10, 2009 9:49 pm
by lukelukeluke
Got my hopes up too soon...
It does actually log all the zoneminder messages into
/var/log/zoneminder.log, but it does at the same time still log them into
/var/log/messages. Do I have to add something to the code that it only logs the messages there?
Code: Select all
#
# Filter Zoneminder
#
filter f_zm { match("^zm.*"); };
destination zm { file("/var/log/zoneminder.log"); };
log { source(src); filter(f_zm); destination(zm); };
Posted: Mon Aug 31, 2009 12:50 pm
by lukelukeluke
So does no one know how I can disable logging to messages file? I got all relevant stuff logged to zoneminder.log, but everything is still in messages too!
Posted: Mon Aug 31, 2009 8:20 pm
by zoneminder
I use the following in my rsyslog.conf
Code: Select all
# Save ZoneMinder messages to zm.log
local1.* /var/log/zm/zm.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.info;local1.!*;local1.warning;mail.none;news.none;authpriv.none;cron.none /var/log/messages
The first line directs all ZM messages to the zm.log file. The second line (in addition to normal settings) turns off all ZM messages to /var/log/messages, then switches on ZM messages of warning and above. This basically disables info etc. ZM uses the local1 facility so if you want to turn off all messages to the /var/log/messages file just include the local1.!* bit and not the section afterwards.
This is for rsyslog but most logging systems will be similar.
Posted: Sat Sep 19, 2009 11:02 am
by beerygaz
Thaks for this thread, I've now tidies up /var/log/messages but my zm.log gets pretty large (even with rotation). I seems to be getting 1 entry every 2 to 3 seconds, is that right? It seems like an awful lot of detail that also seems to consume CPU and disk resources - is this normal behavior?
top shows me using 22% CPU on my machine (zma and zmc being the main culprits) while the web console only shows load at 0.5%. What am I missing?
Posted: Sun Jun 27, 2010 11:34 am
by Nukem36
High,
the given lines from the previous post
Code: Select all
#
filter f_zm { match("^zm.*"); };
destination zm { file("/var/log/zoneminder.log"); };
log { source(src); filter(f_zm); destination(zm); };
do work, but just generate a new logfile with the zm messages. I had to change the filter for /var/log/messages to prevent zm-messages to be logged there too. My OpenSuSE 11.2 uses the filter f_messages. The corresponding line may look like this:
Code: Select all
#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };
I hat to change this line
Code: Select all
filter f_messages { not facility(news, mail) and not filter(f_iptables) ; };
to
Code: Select all
filter f_messages { not facility(news, mail) and not filter(f_iptables) and not filter(f_zm); };
For an OpenSuSE distri the syslog-ng.conf file ist located in
/etc/syslog-ng/syslog-ng.conf
Hope this hint helps someone else.
Regards
Nukem36
Posted: Mon Jun 28, 2010 6:42 am
by lukelukeluke
Thanks a lot for this, worked very well!
make money from home
Posted: Sat Jul 31, 2010 9:46 am
by pauljordan
Changes for syslog-ng version >3.1
Posted: Sat Feb 12, 2011 7:05 pm
by Nukem36
High!
recently I changed from OpenSuSE 11.2 to 11.3. With this change syslog-ng was installed version 3.1.1.
Unfortunatly the filter() changed too. As a result, all zm-messages could be found again in /var/log/messages. Ugly!
I had to read a lot of docs to find out what to change. First I tried the following by changing the filter():
Code: Select all
filter f_zm { message("^zm.*"); };
I tried this, cause I got the message "Starting syslog servicesWARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;" and the manpages mentioned, that message() replaces the older match().
But this was not realy the truth. With the following definition I got success;
Code: Select all
filter f_zm { match('^zm.*' value(MSGHDR)); };
All other lines (see posting above) are still the same.
I hope this helps somebody out
Nukem36
