Rsyslog to clean up /var/log/messages

Situation: Not all applications and utilities have been developed to log their messages intelligently or to their own location.

Complication: This can lead to logging bloat, especially for messages that are purely informational and noisy. /var/log/messages can be overwhelmed by this and can make it harder to figure out actual problems.

Question: How can you redirect messages to clean up /var/log/messages?

Answer: rsyslog to the rescue!


For the purposes of this post I will be analyzing the program amazon-ssm-agentThis is an Amazon proprietary program necessary to run AWS Run Command. This is a good example because it was developed to have it’s own log file, but also still fills /var/log/messages. We will:

  1. Go through the workflow of syslog, systemd and how messages get into logs
  2. Look at messages in /var/log/messages that need to be filtered
  3. Configure rsyslog to send all application logs to it’s own file
  4. Use logrotate to create a good policy for how long logs stay around
  5. Celebrate clean logs


ADCLI on CentOS 6

If you are trying to bind a Linux machine to Active Directory, a very simple tool to use is ADCLI. You can use it to join servers, query AD, and also add/delete objects. It is not currently available through the yum repos, however. Here’s how to get past that:

  1. Download
  2. You’ll need to rebuild the source rpm like this:
    1. rpmbuild –rebuild adcli-0.8.1-1.el6.src.rpm
  3. You may end up with needing other dependencies such as openldap-devel and xmlto (and potentially others). You can install these through yum:
    1. yum install -y openldap-devel xmlto
  4. To bind a new server:
    1. adcli join -U <ADadminUser> domain
    2. Enter password
  5. Verify the bind was a success by querying AD:
    1. adcli info <domain>

You should now be able to login with any AD user on that machine and do application level Active Directory integration