服务器(centos8)在用户登录的时候会出现一些登录日志。
example.com systemd[1]: Started /run/user/0 mount wrapper.
example.com systemd[1]: Created slice User Slice of UID 0.
example.com systemd[1]: Starting User Manager for UID 0...
example.com systemd[1]: Started Session 51 of user root.
example.com systemd[20871]: Starting D-Bus User Message Bus Socket.
example.com systemd[20871]: Reached target Timers.
example.com systemd[20871]: Reached target Paths.
example.com systemd[20871]: Listening on D-Bus User Message Bus Socket.
example.com systemd[20871]: Reached target Sockets.
example.com systemd[20871]: Reached target Basic System.
example.com systemd[20871]: Reached target Default.
example.com systemd[20871]: Startup finished in 51ms.
example.com systemd[1]: Started User Manager for UID 0.
example.com systemd[1]: session-51.scope: Succeeded.
example.com systemd[1]: Stopping User Manager for UID 0...
example.com systemd[20871]: Stopped target Default.
example.com systemd[20871]: Stopped target Basic System.
example.com systemd[20871]: Stopped target Sockets.
example.com systemd[20871]: Stopped target Paths.
example.com systemd[20871]: dbus.socket: Succeeded.
example.com systemd[20871]: Closed D-Bus User Message Bus Socket.
example.com systemd[20871]: Reached target Shutdown.
example.com systemd[20871]: Starting Exit the Session...
example.com systemd[20871]: Stopped target Timers.
example.com systemd[1]: user@0.service: Killing process 20967 (systemctl) with signal SIGKILL.
example.com systemd[1]: user@0.service: Succeeded.
example.com systemd[1]: Stopped User Manager for UID 0.
example.com systemd[1]: Stopping /run/user/0 mount wrapper...
example.com systemd[1]: Removed slice User Slice of UID 0.
example.com systemd[1]: run-user-0.mount: Succeeded.
example.com systemd[1]: user-runtime-dir@0.service: Succeeded.
example.com systemd[1]: Stopped /run/user/0 mount wrapper.
- 通过下面命令生成rsyslog的过滤规则;
echo 'if $programname == "systemd" and ($msg contains "Started /run/$msg" or
$msg contains "Starting Session" or $msg contains "Started Session" or $msg
contains "Created slice User" or $msg contains "Starting User Manager" or $msg
contains "Starting User" or $msg contains "Starting D-Bus" or $msg contains
"Reached target" or $msg contains "Listening on D-Bus" or $msg contains
"Startup finished" or $msg contains "session-" or $msg contains "Stopping User
Manager" or $msg contains "Stopped target" or $msg contain "dbus.socket" or
$msg contains "Stopped target " or $msg contains "Removed session" or $msg
contains "Removed slice User Slice of" or $msg contains "Stopped /run/user" or
$msg contains "Stopped User Manager" or $msg contains "Stopping User Slice of" ) then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
根据实际情况, 新增相关过滤规则即可
$msg contains "Started /run/$msg" or ...
- 2. 重启 rsyslog 服务
systemctl restart rsyslog
参考及引用:
https://access.redhat.com/solutions/1564823
图片 :台灣野鳥攝影 Photo-eye 鳥訊-李國榮