Suppressing messages in /var/log/syslog

Running Ubuntu or some other Linux distro?  Seeing lots of pointless messages in /var/log/syslog?  Want to be able to stop/suppress/filter the entries from a particular program so that they don’t obscure the more important ones?  I’ll show you how.

Lots of Linux users peek inside of the logs that accumulate in /var/log/ every-so-often to keep an aye on what’s going on under the hood.  Most of the time things trundle along quite nicely, but occasionally some piece of software will behave badly and fill up your logs with all sorts of pointless garbage.

That happened to me today with Steam.  I had a look inside of /var/log/syslog and saw over 1,500 entries like this (generated today alone):

Jan  1 10:18:48 SystemName steam.desktop[1390]: followed by...

[INFO:crash_reporting.cc(216)] Crash reporting enabled for process: browser
[WARNING:crash_reporting.cc(255)] Failed to set crash key: UserID with value: 0
[WARNING:crash_reporting.cc(255)] Failed to set crash key: BuildID with value: 1543263366
[WARNING:crash_reporting.cc(255)] Failed to set crash key: SteamUniverse with value: Public
[WARNING:crash_reporting.cc(255)] Failed to set crash key: Vendor with value: Valve
[ERROR:gpu_process_transport_factory.cc(1026)] Lost UI shared context.
[INFO:crash_reporting.cc(239)] Crash reporting enabled for process: renderer
[INFO:crash_reporting.cc(216)] Crash reporting enabled for process: gpu-process
Startup - updater built Nov 26 2018 20:15:21
Verification complete
Verifying installation...
Background update loop checking for update. . .
Checking for available updates...
Downloading manifest: client-download.steampowered.com/client/steam_client_ubuntu12
Download skipped: /client/steam_client_ubuntu12 version 1543346820, installed version 1543346820
Nothing to do
Shutdown
Checking for update on startup
Performing checksum verification of executable files
CAPIJobRequestUserStats - Server response failed 2
CAppInfoCacheReadFromDiskThread took 43 milliseconds to initialize
CApplicationManagerPopulateThread took 6 milliseconds to initialize (will have waited on CAppInfoCacheReadFromDiskThread)
ExecCommandLine: "'/home/tim/.local/share/Steam/ubuntu12_32/steam'"
ExecuteSteamURL: "steam://openurl/https://steamcommunity.com/my/gamecards/991980/"
Exiting workitem thread
Failed to init SteamVR because it isn't installed
Fontconfig error: "/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", line 72: non-double matrix element
Fontconfig warning: "/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", line 80: saw unknown, expected number
Gtk-Message: Failed to load module "atk-bridge"
Gtk-Message: Failed to load module "gail"
Installing breakpad exception handler for appid(steam)/version(1543346820)
JS method call Broadcast.RegisterForBroadcastStatus with 1 arguments
JS method call Broadcast.RegisterForViewerRequests with 1 arguments
JS method call FriendSettings.GetEnabledFeatures with 1 arguments
JS method call FriendSettings.RegisterForSettingsChanges with 1 arguments
JS method call Parental.RegisterForParentalSettingsChanges with 1 arguments
JS method call SharedConnection.AllocateSharedConnection with 1 arguments
JS method call SharedConnection.RegisterOnLogonInfoChanged with 2 arguments
JS method call SharedConnection.RegisterOnMessageReceived with 2 arguments
JS method call SharedConnection.SendMsgAndAwaitResponse with 3 arguments
JS method call SharedConnection.SendMsg with 2 arguments
JS method call SharedConnection.SubscribeToClientServiceMethod with 2 arguments
JS method call SharedConnection.SubscribeToEMsg with 2 arguments
JS method call Storage.GetString with 2 arguments
JS method call WebChat.BSuppressPopupsInRestore with 1 arguments
JS method call WebChat.GetCurrentUserAccountID with 1 arguments
JS method call WebChat.GetOverlayChatBrowserInfo with 1 arguments
JS method call WebChat.GetPushToTalkEnabled with 1 arguments
JS method call WebChat.GetSignIntoFriendsOnStart with 1 arguments
JS method call WebChat.GetWebChatLanguage with 1 arguments
JS method call WebChat.GetWebChatURL with 1 arguments
JS method call WebChat.RegisterForComputerActiveStateChange with 1 arguments
JS method call WebChat.RegisterForFriendPostMessage with 1 arguments
JS method call WebChat.RegisterForPushToTalkStateChange with 1 arguments
JS method call WebChat.RegisterOverlayChatBrowserInfoChanged with 1 arguments
JS method call WebChat.SetVoiceChatActive with 1 arguments
message repeated 25 times: [ JS method call SharedConnection.SubscribeToClientServiceMethod with 2 arguments]
message repeated 3 times: [ JS method call SharedConnection.SendMsgAndAwaitResponse with 3 arguments]
message repeated 4 times: [ JS method call Storage.GetString with 2 arguments]
message repeated 7 times: [ JS method call SharedConnection.SubscribeToEMsg with 2 arguments]
message repeated 8 times: [ Installing breakpad exception handler for appid(steam)/version(1543346820)]
migrating temporary roaming config store
Opted-in Controller Mask for AppId 0: 0
Pins up-to-date!
roaming config store loaded successfully - 2357 bytes.
Running Steam on ubuntu 18.04 64-bit
(steam:1678): Gtk-WARNING **: gtk_disable_setlocale() must be called before gtk_init()
** (steam:1678): WARNING **: Could not create object for /org/freedesktop/NetworkManager/Devices/1: unknown object type
** (steam:1678): WARNING **: Ignoring invalid property 'address-data'
** (steam:1678): WARNING **: Ignoring invalid property 'addr-gen-mode'
** (steam:1678): WARNING **: Ignoring invalid property 'autoconnect-priority'
** (steam:1678): WARNING **: Ignoring invalid property 'interface-name'
** (steam:1678): WARNING **: Ignoring invalid property 'route-data'
** (steam:1678): WARNING **: Ignoring invalid property 'wake-on-lan'
** (steam:1678): WARNING **: Unknown device type 14
** (steam:1678): WARNING **: Unknown setting 'proxy'
STEAM_RUNTIME is enabled automatically
System startup time: 4.88 seconds

(Duplicates removed to save space.)

I mean, seriously???  Thousands of lines of ‘chatty’ crap that should never have been logged in the first place, or which I can’t fix or do anything about anyway.  /sigh

Now, Steam isn’t the only program behaving badly, but it was the one that caught my eye, and it was the worst offender, so I decided to deal with it first.

Now, I’m using Ubuntu 18.04 and that uses rsyslog to do the logging.  Nice program, but the documentation is definitely not friendly for newbies.  It’s also aimed more at sysadmins who want to manage their logs in a different way.

If you just want to suppress the messages being generated by a specific program, then this is what you need to do:

First, use your favourite editor to edit rsyslog’s configuration file:

$ sudo nano /etc/rsyslog.d/50-default.conf

The top of the file will start with a bunch of commented lines.  Comments all start with a #.  My first uncommented line contained auth,authpriv.* /var/log/auth.log.

Add the following “expression-based filter” somewhere above/before your first uncommented line:

if ($programname == 'steam.desktop') then stop

It shouldn’t take a rocket scientist to work out what’s going on.

  • $programname is a predefined message property that holds the name of the program.
  • steam.desktop is the name of the program as it appears in /var/log/syslog entries like this:
    • Jan  1 10:18:48 SystemName steam.desktop[1390]: Running Steam on ubuntu 18.04 64-bit
  • stop directs rsyslog to take no further action with this message (i.e. it silently drops it and will not log it to a file).

Change the name of the program to be whatever you want to suppress messages from, and then save and exit the editor.  (CTRL-X followed by Y followed by ENTER will do that for users new to nano.)

For the filter to take effect:

$ sudo service rsyslog restart

That’s it, you’re done!  You’ll logs will never be sullied by messages from that application again.  Enjoy the higher signal-to-noise ratio!

But wait…

Q:  What if I only want to get rid of the ‘less important’ messages, and still receive all the ‘more serious’ ones?

A legitimate question.  The answer relies on the developer of the program setting an appropriate ‘severity’ to their messages.  That’s something you don’t have control over, so the following may not work, but you can try it anyway:

if ($programname == 'steam.desktop' and $syslogseverity > 5) then stop

By also testing the $syslogseverity property of the message you might be able to limit the messages you suppress to just the chatty/pointless ones.

The different severity levels, and what they correspond to, are as follows:

0 — emergencies — System unusable
1 — alerts — Immediate action required
2 — critical — Critical condition
3 — errors — Error conditions
4 — warnings — Warning conditions
5 — notifications — Normal but significant conditions
6 — informational — Informational messages
7 — debugging — Debugging messages

So — theoretically — testing for $syslogseverity > 5 should silently drop all informational and debugging messages, but let notifications, warnings and so-on through.  Theoretically.

Q:  What if I want to suppress messages based on something other than the $programname?

Yep, you can do that.  A list of the various properties you can easily access is found here:

https://www.rsyslog.com/doc/v8-stable/configuration/properties.html

Expression-based filters are great in that they give you the freedom to be as arbitrarily complex as you like, and they should be familiar to anyone with any programming experience at all.  But remember what I said about the documentation not being newbie-friendly?  Yeah.  Brace yourself and dive into RainerScript.

Anyway, I’m outta here.  Happy New Year!

One thought on “Suppressing messages in /var/log/syslog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s