I'm trying to configure a remote log host for my servers (all CentOS 8). I added this on my central server:
if $fromhost-ip == '123.123.123.123' then /var/log/{{hostname}}.log
Also, I changed my client config to:
*.* @@321.321.321.321:514/var/log/{{hostname}}.log
But when I try to run:
sudo logger "test"
It logs to both /var/log/hostname.log and /var/log/messages on my central remote server.
It also floods the custom log file with:
pam_unix(sudo:session): session opened for user root by admin(uid=0)
log message here
pam_unix(sudo:session): session closed for user root
How do I set my logs to be sent only to my custom log file? And how do I filter these pam messages so they are not included?
Thank you
Best Answer
Logging to multiple locations is perfectly allowed, so if you did not change the default configuration, which logs most things to /var/log/messages, then they will continue to be logged there.
The config file /etc/rsyslog.conf contains, among other things:
You might add a property-based filter to discard messages after you have logged them once, based on various properties of the message. For example:
After logging it once, the property-based filter will discard the message, preventing later configurations from logging it (the tilde means to discard the message and not process it further):
You're getting pam messages because you used sudo, not because you ran logger. You will get those every time you run sudo. If you do not want to see them in the log, do not run sudo. It isn't necessary to use sudo to run logger anyway.
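
An added example, not part of the original answer: one way to write the log-once-then-discard rule on the central server in rsyslog's RainerScript syntax, using the client IP from the question. The file name and both log paths are placeholders, and it assumes TCP reception is already enabled and that /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf ahead of its default rules.

```conf
# /etc/rsyslog.d/10-remote-client.conf  (hypothetical file name, central server)
# Assumption: the include of /etc/rsyslog.d/*.conf comes before the default
# rules in /etc/rsyslog.conf, so this block runs before the
# /var/log/messages rule ever sees the message.

if $fromhost-ip == '123.123.123.123' then {
    # Keep sudo's PAM session records out of the custom file, but retain
    # them in a separate file so the audit trail of sudo use is not lost.
    if $msg contains 'pam_unix(sudo:session)' then {
        action(type="omfile" file="/var/log/client1-sudo.log")   # placeholder path
        stop
    }

    # Everything else from this client is written once to the custom file.
    action(type="omfile" file="/var/log/client1.log")            # placeholder path

    # "stop" ends processing of this message (it is the current form of the
    # legacy "~" discard action), so later rules never log it again.
    stop
}
```

Running `rsyslogd -N1` validates the configuration before the service is restarted.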