- Red Hat Enterprise Linux (RHEL) 7, 8, 9
On my newly installed system I am seeing the following in
/var/log/messagesand journal all the time
Jul 24 08:50:01 example.com systemd: Created slice user-0.slice. Jul 24 08:50:01 example.com systemd: Starting Session 150 of user root. Jul 24 08:50:01 example.com systemd: Started Session 150 of user root. Jul 24 09:00:01 example.com systemd: Created slice user-0.slice. Jul 24 09:00:02 example.com systemd: Starting Session 151 of user root. Jul 24 09:00:02 example.com systemd: Started Session 151 of user root.
To suppress these log entries in
/var/log/messagesand journal you have following options:
enable lingering for the user so
systemd --userinstance will continue running even when user has no active sessions:
# loginctl enable-linger testuser
restrict logging for systemd user manager for the user:
# mkdir /email@example.com # cat > /firstname.lastname@example.org/logging.conf <<EOF [Service] LogLevelMax=notice EOF
restrict logging for systemd user manager globally:
# sed -i -e 's/#LogLevel=info/LogLevel=notice/' /etc/systemd/user.conf
in RHEL 7, create a discard filter with rsyslog, e.g., run the following command:
echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
Then restart the rsyslog service:
systemctl restart rsyslog
Note In case above rule only works for local syslog logging (
/var/log/messages) but doesn't work for remote syslog server then we can understand this rule is read after syslog events are sent to syslog server. So in order to avoid this add the rule directly in rsyslog.conf above the line of remote syslog sending configuration.
(*.* @@sys-log server)
- These messages are normal and expected -- they will be seen any time a user logs in or e.g. a
cronjob is executed for the user
- Red Hat Enterprise Linux
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.