[CentOS] CentOS 7: System log has repeated lines: Started session 123 of user root.

Thu Aug 11 17:21:56 UTC 2016
therbur <fxb7-ox9n at dea.spamcon.org>

therbur <fxb7-ox9n at dea.spamcon.org> wrote:

>therbur <fxb7-ox9n at dea.spamcon.org> wrote:
>
>>The system log (/var/log/messages) of a CentOS 7.2 system has
>>frequently-repeated message line pairs like:
>>
>>Jul 18 14:00:01 localhost systemd: Started Session 307 of user root.
>>Jul 18 14:00:01 localhost systemd: Starting Session 307 of user root.
>>
>>where the session number increases each time.
>>
>>Looking around on this, e.g. Red Hat Bugzilla bug 727315, it looks like
>>it's when crond starts a task; it looks like it might be fixed - I would
>>think that would be in CentOS but don't know how to find/compare the
>>Fedora and CentOS systemd versions to know for sure.
>>
>>I found a post on a workaround - in /etc/systemd/system.conf to change the
>>line:
>>
>>#LogLevel=info
>>
>>to:
>>
>>LogLevel=notice
>>
>>I did that and rebooted, and it has stopped the messages.
>>
>>I'm worried though that this may have knocked out something of actual
>>interest from the syslog.
>>
>>So my question is, is there a better way?  A way that info messages could
>>go to some other log, or better yet, a way that those particular "session"
>>messages, and only those, could go to some other log or be filtered out?
>
>No replies - any tips/ideas on where to look next?

I dug into this further.  I backed out the change above, and instead added
filter files in /etc/rsyslog.d to knock out those root session lines, and
related ones, and other ones, so that the syslog is no longer filled up
with the useless junk noise.  First .conf filter file content:

if $programname == "systemd" and ($msg contains "Starting Session" or $msg
contains "Started Session" or $msg contains "Created slice" or $msg
contains "Starting user-") then stop

Second one:

if ($programname == "dbus" or $programname == "dbus-daemon") and (($msg
contains "Activating service name=" or $msg contains "Successfully
activated service ") and $msg contains "org.freedesktop.problems") then
stop