How to remove syslog entries

Hi,

I have hundreds of syslog entries generated by new devices connected to the network with incorrect time.
My mistake was that I configured the syslog first, then ntp which caused the issue.

How can I get rid of these entries?

Example:
2018-08-05 04:34:25
10.150.50.16 DHCP DHCP server responded. 0
2018-08-05 04:34:15
10.150.50.8 DHCP DHCP server responded. 0
2018-08-03 06:11:42
10.150.50.32 DHCP DHCP server responded. 0
2018-08-03 06:11:35
10.150.50.31 DHCP DHCP server responded. 0
2018-08-03 06:11:32
10.150.50.7 DHCP DHCP server responded.

Only by purging the database table for Syslog, as far as I know.

TRUNCATE table syslog;

1 Like

also,

To get around the problem that devices send an invalid timestamp, I changed the logging behavior on my LibreNMS.
In /etc/syslog-ng/syslog-ng.conf I changed the date-strings which are fed into the database to the date when the message was received, not the timestamp provided in the syslog message:
destination d_librenms {
    program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));
};
The “R_” in the date-components changes this logging behavior from the “S_” date components which are used by default.

2 Likes
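
Added example, not part of the original posts and not LibreNMS code: storing the receive time fixes the database ordering but discards the device's own clock reading, so this example parses records that carry both stamps and reports hosts whose clocks are off. It assumes a hypothetical nine-field variant of the template above (sender `$S_*` time followed by receive `$R_*` time), which is not the format shown in the post; the sample records and the names `parse` and `skewed_hosts` are constructed for illustration.

```python
from datetime import datetime, timedelta

FIELDS = ("host", "facility", "priority", "level", "tag",
          "sent", "received", "msg", "program")
STAMP = "%Y-%m-%d %H:%M:%S"

# Constructed sample records: the post's template with an assumed extra
# field so both the sender ($S_*) and receive ($R_*) times are present.
# Both stamps are assumed to be rendered in the same time zone.
SAMPLE = """\
10.150.50.16||daemon||6||info||1e||2018-08-05 04:34:25||2018-09-20 10:02:11||DHCP server responded.||DHCP
10.150.50.8||daemon||6||info||1e||2018-08-05 04:34:15||2018-09-20 10:02:01||DHCP server responded.||DHCP
10.150.50.2||daemon||6||info||1e||2018-09-20 10:02:03||2018-09-20 10:02:04||link up || port 3||kernel
not-a-record
"""

def parse(line):
    """Split one record; MSG may itself contain '||', so cut from both ends."""
    head = line.rstrip("\n").split("||", 7)
    if len(head) != 8 or "||" not in head[7]:
        return None  # malformed: too few fields
    msg, program = head[7].rsplit("||", 1)
    rec = dict(zip(FIELDS, head[:7] + [msg, program]))
    try:
        rec["sent"] = datetime.strptime(rec["sent"], STAMP)
        rec["received"] = datetime.strptime(rec["received"], STAMP)
    except ValueError:
        return None  # malformed: unparseable timestamp
    return rec

def skewed_hosts(lines, tolerance=timedelta(minutes=5)):
    """Return {host: worst absolute skew} for hosts beyond the tolerance."""
    worst = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        skew = abs(rec["received"] - rec["sent"])
        if skew > tolerance and skew > worst.get(rec["host"], timedelta(0)):
            worst[rec["host"]] = skew
    return worst

if __name__ == "__main__":
    for host, skew in sorted(skewed_hosts(SAMPLE.splitlines()).items()):
        print(f"{host}: clock off by {skew}")
```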

That did the trick, thanks.

I also amended syslog-ng.conf as you suggested. Thanks again.

1 Like

Thanks @Kevin_Krumm, I was having to go and delete entries every now and then.
Unifi APs seem to send a number of syslog messages before they have synced their clocks on boot.

This is a better fix.

Have a like.

1 Like