This article describes how to suppress repetitive non-impacting messages, and also provides a method for filtering out these messages into a separate file.

 

Syslog files fill up with non-impacting messages. In order to keep better control, users need a way to suppress repetitive non-impacting messages from being written to these log files.

 

In order to prevent certain syslog messages from being written to the log file, use the match command under the [system syslog] hierarchy to match any Regular Expression. The example below prevents any log message that has the text "PCF" from being written to the messages file. The match command is also available for matching syslog entries sent to a syslog host or to a user.

Example-1

user@lab-re0# show system syslog
user * {
    any emergency;
}
 file messages {
    any notice;
    match "!(.*PCF.*)";
}

Example-2

This example shows how to prevent multiple log entries from getting logged to a file.

user@lab-re0# show system syslog
user * {
     any emergency;
}
file messages {
     any any;
     match "!(.*RT_FLOW_SESSION.*|.*LICENSE_EXPIRED_KEY_DELETED.*)"
}

With this configuration, we can prevent RT_FLOW_SESSION and LICENSE_EXPIRED_KEY_DELETED messages from getting logged into the messages file.

Note: Any log entries that are prevented from being written to the log file will be lost and cannot be recovered.

Example-3

Optionally, if all messages are still required and an easy-to-track file is additionally needed, creating a new syslog file could be helpful.

user@lab-re0# show system syslog
user * {
    any emergency;
}
file messages {
    any notice;
}
file messages_no_PCF {
    any notice;
    match "(.*PCF.*)";
}

This way, you get a small file to look at without having to permanently lose the other messages.

 

2020-02-18: Removed "!" from Example 3.

2020-02-05: Article reviewed for accuracy; minor non-technical changes made; article is correct and complete