Running Ubuntu or some other Linux distro? Seeing lots of pointless messages in /var/log/syslog? Want to be able to stop/suppress/filter the entries from a particular program so that they don’t obscure the more important ones? I’ll show you how.
Lots of Linux users peek inside the logs that accumulate in /var/log/ every so often to keep an eye on what’s going on under the hood. Most of the time things trundle along quite nicely, but occasionally some piece of software will behave badly and fill up your logs with all sorts of pointless garbage.
That happened to me today with Steam. I had a look inside of /var/log/syslog and saw over 1,500 entries like this (generated today alone):
Jan 1 10:18:48 SystemName steam.desktop[1390]: followed by... [INFO:crash_reporting.cc(216)] Crash reporting enabled for process: browser [WARNING:crash_reporting.cc(255)] Failed to set crash key: UserID with value: 0 [WARNING:crash_reporting.cc(255)] Failed to set crash key: BuildID with value: 1543263366 [WARNING:crash_reporting.cc(255)] Failed to set crash key: SteamUniverse with value: Public [WARNING:crash_reporting.cc(255)] Failed to set crash key: Vendor with value: Valve [ERROR:gpu_process_transport_factory.cc(1026)] Lost UI shared context. [INFO:crash_reporting.cc(239)] Crash reporting enabled for process: renderer [INFO:crash_reporting.cc(216)] Crash reporting enabled for process: gpu-process Startup - updater built Nov 26 2018 20:15:21 Verification complete Verifying installation... Background update loop checking for update. . . Checking for available updates... Downloading manifest: client-download.steampowered.com/client/steam_client_ubuntu12 Download skipped: /client/steam_client_ubuntu12 version 1543346820, installed version 1543346820 Nothing to do Shutdown Checking for update on startup Performing checksum verification of executable files CAPIJobRequestUserStats - Server response failed 2 CAppInfoCacheReadFromDiskThread took 43 milliseconds to initialize CApplicationManagerPopulateThread took 6 milliseconds to initialize (will have waited on CAppInfoCacheReadFromDiskThread) ExecCommandLine: "'/home/tim/.local/share/Steam/ubuntu12_32/steam'" ExecuteSteamURL: "steam://openurl/https://steamcommunity.com/my/gamecards/991980/" Exiting workitem thread Failed to init SteamVR because it isn't installed Fontconfig error: "/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", line 72: non-double matrix element Fontconfig warning: "/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", line 80: saw unknown, expected number Gtk-Message: Failed to load module "atk-bridge" Gtk-Message: Failed to load module "gail" Installing breakpad exception handler for 
appid(steam)/version(1543346820) JS method call Broadcast.RegisterForBroadcastStatus with 1 arguments JS method call Broadcast.RegisterForViewerRequests with 1 arguments JS method call FriendSettings.GetEnabledFeatures with 1 arguments JS method call FriendSettings.RegisterForSettingsChanges with 1 arguments JS method call Parental.RegisterForParentalSettingsChanges with 1 arguments JS method call SharedConnection.AllocateSharedConnection with 1 arguments JS method call SharedConnection.RegisterOnLogonInfoChanged with 2 arguments JS method call SharedConnection.RegisterOnMessageReceived with 2 arguments JS method call SharedConnection.SendMsgAndAwaitResponse with 3 arguments JS method call SharedConnection.SendMsg with 2 arguments JS method call SharedConnection.SubscribeToClientServiceMethod with 2 arguments JS method call SharedConnection.SubscribeToEMsg with 2 arguments JS method call Storage.GetString with 2 arguments JS method call WebChat.BSuppressPopupsInRestore with 1 arguments JS method call WebChat.GetCurrentUserAccountID with 1 arguments JS method call WebChat.GetOverlayChatBrowserInfo with 1 arguments JS method call WebChat.GetPushToTalkEnabled with 1 arguments JS method call WebChat.GetSignIntoFriendsOnStart with 1 arguments JS method call WebChat.GetWebChatLanguage with 1 arguments JS method call WebChat.GetWebChatURL with 1 arguments JS method call WebChat.RegisterForComputerActiveStateChange with 1 arguments JS method call WebChat.RegisterForFriendPostMessage with 1 arguments JS method call WebChat.RegisterForPushToTalkStateChange with 1 arguments JS method call WebChat.RegisterOverlayChatBrowserInfoChanged with 1 arguments JS method call WebChat.SetVoiceChatActive with 1 arguments message repeated 25 times: [ JS method call SharedConnection.SubscribeToClientServiceMethod with 2 arguments] message repeated 3 times: [ JS method call SharedConnection.SendMsgAndAwaitResponse with 3 arguments] message repeated 4 times: [ JS method call Storage.GetString 
with 2 arguments] message repeated 7 times: [ JS method call SharedConnection.SubscribeToEMsg with 2 arguments] message repeated 8 times: [ Installing breakpad exception handler for appid(steam)/version(1543346820)] migrating temporary roaming config store Opted-in Controller Mask for AppId 0: 0 Pins up-to-date! roaming config store loaded successfully - 2357 bytes. Running Steam on ubuntu 18.04 64-bit (steam:1678): Gtk-WARNING **: gtk_disable_setlocale() must be called before gtk_init() ** (steam:1678): WARNING **: Could not create object for /org/freedesktop/NetworkManager/Devices/1: unknown object type ** (steam:1678): WARNING **: Ignoring invalid property 'address-data' ** (steam:1678): WARNING **: Ignoring invalid property 'addr-gen-mode' ** (steam:1678): WARNING **: Ignoring invalid property 'autoconnect-priority' ** (steam:1678): WARNING **: Ignoring invalid property 'interface-name' ** (steam:1678): WARNING **: Ignoring invalid property 'route-data' ** (steam:1678): WARNING **: Ignoring invalid property 'wake-on-lan' ** (steam:1678): WARNING **: Unknown device type 14 ** (steam:1678): WARNING **: Unknown setting 'proxy' STEAM_RUNTIME is enabled automatically System startup time: 4.88 seconds
(Duplicates removed to save space.)
I mean, seriously??? Thousands of lines of ‘chatty’ crap that should never have been logged in the first place, or which I can’t fix or do anything about anyway. /sigh
Now, Steam isn’t the only program behaving badly, but it was the one that caught my eye, and it was the worst offender, so I decided to deal with it first.
Now, I’m using Ubuntu 18.04 and that uses rsyslog to do the logging. Nice program, but the documentation is definitely not friendly for newbies. It’s also aimed more at sysadmins who want to manage their logs in a different way.
If you just want to suppress the messages being generated by a specific program, then this is what you need to do:
First, use your favourite editor to edit rsyslog’s configuration file:
$ sudo nano /etc/rsyslog.d/50-default.conf
The top of the file will start with a bunch of commented lines. Comments all start with a #. My first uncommented line contained auth,authpriv.* /var/log/auth.log.
Add the following “expression-based filter” somewhere above/before your first uncommented line:
if ($programname == 'steam.desktop') then stop
It shouldn’t take a rocket scientist to work out what’s going on.
- $programname is a predefined message property that holds the name of the program.
- steam.desktop is the name of the program as it appears in /var/log/syslog entries like this:
  Jan 1 10:18:48 SystemName steam.desktop[1390]: Running Steam on ubuntu 18.04 64-bit
- stop directs rsyslog to take no further action with this message (i.e. it silently drops it and will not log it to a file).
Change the name of the program to be whatever you want to suppress messages from, and then save and exit the editor. (CTRL-X followed by Y followed by ENTER will do that for users new to nano.)
For the filter to take effect:
$ sudo service rsyslog restart
That’s it, you’re done! Your logs will never be sullied by messages from that application again. Enjoy the higher signal-to-noise ratio!
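To decide which name to put in the filter, it helps to count entries per program first. The following is an added example, not part of the original post: it derives the program name from the tag the way rsyslog's $programname does by default and counts "message repeated N times" lines as N entries; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count syslog entries per program name, busiest first.

# Constructed sample in the traditional /var/log/syslog line format.
sample_lines() {
    cat <<'EOF'
Jan  1 10:18:48 SystemName steam.desktop[1390]: Nothing to do
Jan  1 10:18:48 SystemName steam.desktop[1390]: message repeated 25 times: [ JS method call Storage.GetString with 2 arguments]
Jan  1 10:18:49 SystemName kernel: constructed kernel message
Jan  1 10:18:50 SystemName steam.desktop[1678]: Verification complete
Jan  1 10:18:51 SystemName cron[812]: constructed cron message
Jan  1 10:18:52 SystemName cron[813]: constructed cron message
EOF
}

# Print "count programname" pairs. Reads the files given as arguments,
# or standard input when there are none.
top_talkers() {
    awk '
    {
        tag = $5                  # field after month, day, time, host
        sub(/\[.*/, "", tag)      # cut the "[pid]" suffix
        sub(/:.*/, "", tag)       # cut the trailing colon
        sub(/\/.*/, "", tag)      # cut anything after a slash
        n = 1
        # rsyslog folds duplicates into "message repeated N times"
        if (match($0, /message repeated [0-9]+ times/))
            n = substr($0, RSTART + 17, RLENGTH - 23) + 0
        count[tag] += n
    }
    END { for (t in count) print count[t], t }
    ' "$@" | sort -k1,1nr -k2,2
}

# Usage: sample_lines | top_talkers
#        top_talkers /var/log/syslog
```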
But wait…
Q: What if I only want to get rid of the ‘less important’ messages, and still receive all the ‘more serious’ ones?
A legitimate question. The answer relies on the developer of the program setting an appropriate ‘severity’ to their messages. That’s something you don’t have control over, so the following may not work, but you can try it anyway:
if ($programname == 'steam.desktop' and $syslogseverity > 5) then stop
By also testing the $syslogseverity property of the message you might be able to limit the messages you suppress to just the chatty/pointless ones.
The different severity levels, and what they correspond to, are as follows:
0 — emergencies — System unusable
1 — alerts — Immediate action required
2 — critical — Critical condition
3 — errors — Error conditions
4 — warnings — Warning conditions
5 — notifications — Normal but significant conditions
6 — informational — Informational messages
7 — debugging — Debugging messages
So — theoretically — testing for $syslogseverity > 5 should silently drop all informational and debugging messages, but let notifications, warnings and so-on through. Theoretically.
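The whole procedure for either filter (program name only, or program name plus severity), as an added shell example that is not code from the original post. It puts the rule in its own file rather than editing 50-default.conf, relying on rsyslog reading /etc/rsyslog.d/*.conf in sorted order, and checks the configuration before restarting; the function names and the 30-suppress-<program>.conf file name are assumptions.

```shell
#!/bin/sh
# Added example. The drop-in file name (30-suppress-<program>.conf) is a
# hypothetical choice; any name that sorts before 50-default.conf works.

# Print the filter rule. $1 = program name; optional $2 = severity
# threshold: messages with $syslogseverity above it are dropped.
render_filter() {
    prog=$1
    sev=${2:-}
    case $prog in   # keep the name safe inside the single-quoted string
        ''|*[!A-Za-z0-9._-]*) echo "bad program name" >&2; return 1 ;;
    esac
    if [ -z "$sev" ]; then
        printf "if (\$programname == '%s') then stop\n" "$prog"
        return 0
    fi
    case $sev in
        [0-6]) ;;
        *) echo "threshold must be 0-6" >&2; return 1 ;;
    esac
    printf "if (\$programname == '%s' and \$syslogseverity > %s) then stop\n" \
        "$prog" "$sev"
}

# Install the rule, check the configuration with rsyslogd -N1, and
# restart only if the check passes.
install_filter() {
    rule=$(render_filter "$@") || return 1
    conf="/etc/rsyslog.d/30-suppress-$1.conf"
    printf '%s\n' "$rule" | sudo tee "$conf" >/dev/null || return 1
    if ! sudo rsyslogd -N1; then
        sudo rm -f "$conf"    # roll back a rule that fails the check
        return 1
    fi
    sudo service rsyslog restart
}

# Log one marker under the filtered name and report whether it still
# reaches /var/log/syslog. $2 = severity name for logger (default info).
check_filter() {
    marker="filter-test-$$"
    logger -t "$1" -p "user.${2:-info}" "$marker"
    sleep 1
    if grep -q "$marker" /var/log/syslog; then
        echo "logged"
    else
        echo "suppressed"
    fi
}
```

After `install_filter steam.desktop 5`, `check_filter steam.desktop info` should print "suppressed" and `check_filter steam.desktop warning` should print "logged".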
Q: What if I want to suppress messages based on something other than the $programname?
Yep, you can do that. A list of the various properties you can easily access is found here:
https://www.rsyslog.com/doc/v8-stable/configuration/properties.html
Expression-based filters are great in that they give you the freedom to be as arbitrarily complex as you like, and they should be familiar to anyone with any programming experience at all. But remember what I said about the documentation not being newbie-friendly? Yeah. Brace yourself and dive into RainerScript.
Anyway, I’m outta here. Happy New Year!