This article provides information on how to prevent two or more specific messages from being written to the syslog file.
Customers may already know how to use the match option to block a specific syslog message from logging to a syslog file; but they do not know the syntax to block two or more specific messages. This article provides information on how to achieve this goal.
To block two or more specific messages logged into a syslog file, the following syntax can be used:
match "!(keywords|keyword2|keyword3)";
For example, the following syslog messages are harmless, but annoying as they may be generated frequently:
-
Aug 26 11:52:42 EX4200 /kernel: vlan MAC filter: 01:00:5e:00:00:12 from port ge-0/0/23 rejected"
-
Sep 6 10:00:20 EX4200 fpc0 Failed to find MC RT_NH entry (idx 8) for aging
-
Jan 12 20:00:46 EX4200 fpc0 Resolve request came for an address matching on Wrong nh nh:1050, type:Hold...?
To exclude these kind of messages from being written to the /var/log/messages file, try to find the keyword from each of them.
For example, vlan MAC filter for keyword 1, Failed to find MC RT_NH entry for keyword 2, and matching on Wrong nh for keyword 3. Then the following configuration example could implement such a requirement:
{master:0}[edit]
lab@EX4200-48T# show system syslog
user * {
any emergency;
}
file messages {
any notice;
authorization info;
match "!(vlan MAC filter|Failed to find MC RT_NH entry|matching on Wrong nh)";
}
file interactive-commands {
interactive-commands any;
}
2020-02-24: Article checked for accuracy; article found to be relevant and valid; no changes made