I analyze the system logs every week, and systemd writes a large number of messages like the following.
Sep 23 00:00:00 HOSTNAME systemd: Started Session XXXXXXXX of user root.
Sep 23 00:00:00 HOSTNAME systemd: Starting Session XXXXXXXX of user root.
Sep 23 00:00:00 HOSTNAME systemd: Removed session XXXXXXXX.
Sep 23 00:00:00 HOSTNAME systemd: Starting User Slice of root.
Sep 23 00:00:00 HOSTNAME systemd: Stopping User Slice of root.
Sep 23 00:00:00 HOSTNAME systemd: Created slice user-X.slice.
Sep 23 00:00:00 HOSTNAME systemd: Removed slice user-X.slice.
Sep 23 00:00:00 HOSTNAME systemd: Starting user-X.slice.
Sep 23 00:00:00 HOSTNAME systemd: Stopping user-X.slice.
These messages are of no use for log analysis, so they are excluded with a filter rule in rsyslog.
~]# echo 'if $programname == "systemd" and ($msg contains "Removed session" or $msg contains "Starting User Slice of" or $msg contains "Stopping User Slice of" or $msg contains "Created slice" or $msg contains "Removed slice" or $msg contains "Starting user-" or $msg contains "Stopping user-" or $msg contains "Started Session" or $msg contains "Starting Session") then stop' > /etc/rsyslog.d/ignore-systemd-session-slice.conf
~]# systemctl restart rsyslog
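The following is an added example, not part of the original post: a small Python model of the rule's matching logic (exact `$programname` comparison plus case-sensitive `contains`) run over constructed sample lines, to check before deployment which messages the rule discards. The regex-based line parsing, the function names and the sample lines are assumptions made for this illustration.

```python
import re

# Substrings copied from the rsyslog rule on this page.
DROP_SUBSTRINGS = (
    "Removed session", "Starting User Slice of", "Stopping User Slice of",
    "Created slice", "Removed slice", "Starting user-", "Stopping user-",
    "Started Session", "Starting Session",
)

# Assumed traditional file format: "Mon DD HH:MM:SS host tag[pid]: msg".
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[^\s:\[]+)(?:\[\d+\])?:(?P<msg>.*)$"
)

def would_drop(line):
    """Return True if the page's rule would discard this log line."""
    m = LINE_RE.match(line)
    if m is None:
        return False  # this model only judges lines it can parse
    # '==' is an exact compare and 'contains' a case-sensitive substring test.
    return m["prog"] == "systemd" and any(s in m["msg"] for s in DROP_SUBSTRINGS)

def split_lines(lines):
    """Partition lines into (kept, dropped) as the rule would."""
    kept, dropped = [], []
    for line in lines:
        (dropped if would_drop(line) else kept).append(line)
    return kept, dropped

# Constructed sample lines (not taken from a real host).
SAMPLE = [
    "Sep 23 00:00:01 host1 systemd: Started Session 1234 of user root.",
    "Sep 23 00:00:01 host1 systemd: Removed slice user-0.slice.",
    "Sep 23 00:00:02 host1 systemd: Created slice system-getty.slice.",
    "Sep 23 00:00:03 host1 systemd: Started Session 1235 of user alice.",
    "Sep 23 00:00:04 host1 systemd-logind: New session 1235 of user alice.",
    "Sep 23 00:00:05 host1 systemd: httpd.service failed.",
    "Sep 23 00:00:06 host1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    kept, dropped = split_lines(SAMPLE)
    for line in dropped:
        print("DROP", line)
    for line in kept:
        print("KEEP", line)
```

On these samples the rule also discards session messages for non-root users and slice messages for non-user slices such as `system-getty.slice`, because the substrings are not limited to root or to `user-X.slice`. Records from `systemd-logind` and `sshd` are kept, since the program name must equal `systemd` exactly.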