Monday, June 4, 2012
In a previous article I spoke about the search for a logging system. Having decided on Loggly, I needed a way to integrate logging in both my API and application.
All of my servers needed to be set up to pass syslog messages on to Loggly. I was using Ubuntu and there was an easy walkthrough on the Loggly wiki here. I grouped all of my servers in the "Production" group so that all logs were searchable under one group. I could have separated the groups (or inputs as Loggly calls them) into an "Application" and "API" group but thought that combining them together would help me search for issues more efficiently.
After the initial setup, I found that cron messages were immediately filling up my logs with unnecessary information. Messages similar to the one below were common.
pam_unix(cron:session): session opened for user root by (uid=0)
I wanted to remove those messages from Loggly. I had to go into /etc/syslog-ng/syslog-ng.conf and edit the filters to ignore cron messages.
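One way such a filter can look in syslog-ng 3.x, as an added example rather than the configuration from the original post: it drops only the PAM session lines for cron on the path to Loggly, so other cron and authentication messages still reach the central log. The filter and destination names, the host and port, and the assumption that `s_src` is the source already defined in the stock Ubuntu config are all illustrative.

```conf
# Added example, not the author's configuration.
# Assumptions: s_src is the source already defined in syslog-ng.conf;
# d_loggly, its host and its port are placeholders for the destination
# created during the Loggly setup.

# Too broad: drops every message that mentions cron, including lines
# that are useful for audit trails and incident timelines.
# filter f_no_cron { not message("cron"); };

# Narrow: drop only the PAM session open/close lines for cron.
# Single quotes keep the backslashes literal for the regex.
# Matching "closed" as well as "opened" is an assumption.
filter f_no_cron_session {
    not message('pam_unix\(cron:session\): session (opened|closed) for user');
};

destination d_loggly {
    tcp("logs.example.invalid" port(514));   # placeholder host and port
};

# The filter applies only to this log path, so local log files written
# by other log paths keep the full record.
log {
    source(s_src);
    filter(f_no_cron_session);
    destination(d_loggly);
};
```

Running `syslog-ng --syntax-only` checks the edited file before the service is restarted.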