Hi
It happened again and I actually had some free time in the calendar, so I gave it a go.
In the /etc/rsyslog.d/30-observium there is this:
# observium RuleSets
ruleset(name="observium") {
action(type="omprog"
binary="/opt/observium/syslog.php"
template="observium")
stop
}
I have changed it to this:
ruleset(name="observium") {
if $syslogseverity <= '5' then action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
stop
}
As one can probably glean from the stuff above, this filters out severity 6 (informational) and 7 (debug). Saving us from millions of rows added to the syslog table daily.
Lars
From: Lars Joergensen via observium <observium@lists.observium.org>
Sent: 13. januar 2023 19:49
To: Observium <observium@observium.org>
Cc: Lars Joergensen <DKLARJ@chr-hansen.com>
Subject: [Observium] Ignore priority 7 syslog
Hi
Some unfortunate soul enabled BGP debugging on a device and then forgot all about it.
I’m now trying to delete 76 million records from the syslog database..
Is there a way to ignore syslog messages with priority 7 in the syslog import in Observium? It’ll probably happen again someday.
Lars
Disclaimer: This e-mail, including any attachments, is for the intended recipient only. If you have received this e-mail by mistake please notify the sender immediately by return e-mail and delete this e-mail and any attachments, without
opening the attachments, from your system. Access, disclosure, copying, distribution or reliance on any part of this e-mail by anyone else is prohibited. This e-mail is confidential and may be legally privileged. Chr. Hansen does not represent and/or warrant
that the information sent and/or received by or with this e-mail is correct and does not accept any liability for damages related thereto.
https://www.chr-hansen.com/en/legal-notice