Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10 as of 2015-02-18 08:48:56
Size: 2021
Editor: ?JonasMeurer
Comment: Seems like systemd logs reloads of daemons as well, which is particularely annoying as logrotate reloads daemons on a regular basis. Example: "systemd[1]: Reloaded LSB: Apache2 web server."
Revision 12 as of 2015-06-14 17:51:36
Size: 2510
Editor: ?CharlesTeese
Comment: Changed [1] after systemd to be more generic.
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Reexecuting|Reloading)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: systemd [[:digit:]]+ running in system mode. \((\+[[:alnum:]]+ ?)+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Cleanup of Temporary Directories\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Run anacron jobs\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reexecuting|Reloading)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: systemd [[:digit:]]+ running in system mode. \((\+[[:alnum:]]+ ?)+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Start(ing|ed) Cleanup of Temporary Directories\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Start(ing|ed) Run anacron jobs\.+$
Line 19: Line 19:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Start|Stopp)(ing|ed) User Manager for UID [0-9]+\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Created|Stopping|Removed)( slice)? (user|system)-[\\[:alnum:]]+\.slice\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [[:alnum:]]+( by \(uid=[0-9]+\))?$
Line 25: Line 27:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Reload(ing|ed) LSB: .*\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Reload(ing|ed) LSB: .*\.$

This is page to collect logcheck rules for systemd.

ignore.d.server/systemd:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Started) Session [[:digit:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reexecuting|Reloading)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: systemd [[:digit:]]+ running in system mode. \((\+[[:alnum:]]+ ?)+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Start(ing|ed) Cleanup of Temporary Directories\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Start(ing|ed) Run anacron jobs\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: New session [[:digit:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopping (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopped target (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting (Shutdown|Exit the Session\.\.|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Reached target (Shutdown|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Received SIGRTMIN\+24 from PID [[:digit:]]+ \(kill\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Startup finished in [[:digit:]]+ms\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Start|Stopp)(ing|ed) User Manager for UID [0-9]+\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Created|Stopping|Removed)( slice)? (user|system)-[\\[:alnum:]]+\.slice\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [[:alnum:]]+( by \(uid=[0-9]+\))?$

Reloads by logrotate are logged to syslog by systemd as well. The following systemd rules ignore the systemd part of them. Additional rules for the reloaded/restarted daemons are required:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Reload(ing|ed) LSB: .*\.$