服务器(centos8)在用户登录的时候会出现一些登录日志。
example.com systemd[1]: Started /run/user/0 mount wrapper. example.com systemd[1]: Created slice User Slice of UID 0. example.com systemd[1]: Starting User Manager for UID 0... example.com systemd[1]: Started Session 51 of user root. example.com systemd[20871]: Starting D-Bus User Message Bus Socket. example.com systemd[20871]: Reached target Timers. example.com systemd[20871]: Reached target Paths. example.com systemd[20871]: Listening on D-Bus User Message Bus Socket. example.com systemd[20871]: Reached target Sockets. example.com systemd[20871]: Reached target Basic System. example.com systemd[20871]: Reached target Default. example.com systemd[20871]: Startup finished in 51ms. example.com systemd[1]: Started User Manager for UID 0. example.com systemd[1]: session-51.scope: Succeeded. example.com systemd[1]: Stopping User Manager for UID 0... example.com systemd[20871]: Stopped target Default. example.com systemd[20871]: Stopped target Basic System. example.com systemd[20871]: Stopped target Sockets. example.com systemd[20871]: Stopped target Paths. example.com systemd[20871]: dbus.socket: Succeeded. example.com systemd[20871]: Closed D-Bus User Message Bus Socket. example.com systemd[20871]: Reached target Shutdown. example.com systemd[20871]: Starting Exit the Session... example.com systemd[20871]: Stopped target Timers. example.com systemd[1]: user@0.service: Killing process 20967 (systemctl) with signal SIGKILL. example.com systemd[1]: user@0.service: Succeeded. example.com systemd[1]: Stopped User Manager for UID 0. example.com systemd[1]: Stopping /run/user/0 mount wrapper... example.com systemd[1]: Removed slice User Slice of UID 0. example.com systemd[1]: run-user-0.mount: Succeeded. example.com systemd[1]: user-runtime-dir@0.service: Succeeded. example.com systemd[1]: Stopped /run/user/0 mount wrapper.
- 通过下面命令生成rsyslog的过滤规则;
echo 'if $programname == "systemd" and ($msg contains "Started /run/$msg" or $msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice User" or $msg contains "Starting User Manager" or $msg contains "Starting User" or $msg contains "Starting D-Bus" or $msg contains "Reached target" or $msg contains "Listening on D-Bus" or $msg contains "Startup finished" or $msg contains "session-" or $msg contains "Stopping User Manager" or $msg contains "Stopped target" or $msg contain "dbus.socket" or $msg contains "Stopped target " or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopped /run/user" or $msg contains "Stopped User Manager" or $msg contains "Stopping User Slice of" ) then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
根据实际情况, 新增相关过滤规则即可
$msg contains "Started /run/$msg" or ...
- 2. 重启 rsyslog 服务
systemctl restart rsyslog
参考及引用:
https://access.redhat.com/solutions/1564823
图片 :台灣野鳥攝影 Photo-eye 鳥訊–李國榮
Comments are closed.