Logs flooded with systemd messages: Created slice, Starting Session

Resolution

• To suppress these log entries in /var/log/messages and journal you have following options:

  • enable lingering for the user so systemd --user instance will continue running even when user has no active sessions:

    # loginctl enable-linger testuser
    

  • restrict logging for systemd user manager for the user:

    # mkdir /etc/systemd/system/user@1000.service.d
    # cat > /etc/systemd/system/user@1000.service.d/logging.conf <<EOF
    [Service]
    LogLevelMax=notice
    EOF
    

  • restrict logging for systemd user manager globally:

    # sed -i -e 's/#LogLevel=info/LogLevel=notice/' /etc/systemd/user.conf
    

  • in RHEL 7, create a discard filter with rsyslog, e.g., run the following command:

    echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
    

    Then restart the rsyslog service:

    systemctl restart rsyslog
    

    Note In case above rule only works for local syslog logging (/var/log/messages) but doesn't work for remote syslog server then we can understand this rule is read after syslog events are sent to syslog server. So in order to avoid this add the rule directly in rsyslog.conf above the line of remote syslog sending configuration. (*.* @@sys-log server)