On Amazon Linux in AWS's EC2 service, it uses a very short DHCP lease time, meaning that /var/log/messages gets lines in it every couple of minutes from the dhclient and ec2net services. How can I exclude those from logging, so any important log messages don't get lost in the noise (and while it's not that much disk space, it just seems like a waste, and extra logging to Cloudwatch Logs that I don't really need). Presumably, if I end up running into trouble with it getting an IP address, I can turn the logging back on (if I can get back onto the box at all).
These kinds of messages are the ones being repeated every couple of minutes:
Jun 8 09:14:49 server-name dhclient[2206]: PRC: Renewing lease on eth0.
Jun 8 09:14:49 server-name dhclient[2206]: XMT: Renew on eth0, interval 9900ms.
Jun 8 09:14:49 server-name dhclient[2206]: RCV: Reply message on eth0 from fe80::my:link:locl:addr.
Jun 8 09:14:49 server-name ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/0a:91:b3:my:mac:addr/local-ipv4s
Jun 8 09:14:49 server-name ec2net: [rewrite_aliases] Rewriting aliases of eth0
Jun 8 09:14:49 server-name ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/0a:91:b3:my:mac:addr/subnet-ipv4-cidr-block
Best Answer
This just involves telling the logging system to ignore messages from
dhclientandec2net. Edit the/etc/rsyslog.conffile, and after the#### RULES ####line and before the lines defining logging for the other files, add these two lines:The
~indicates "don't log this" per thersyslog.confman page.Then, run
service rsyslog restartto have the system restart the logging daemon.For Amazon Linux 2, rsyslogd has been updated to support the somewhat more intuitive "stop" keyword, so you can use these lines instead:
And restart the service with
systemctl restart rsyslog.