Any possibility to skip systemd-journal log entries? (was: rsyslog filters are not working)

Dear All,

I have been trying to suppress a very disturbing log message that is flooding my logs during Teams (Web) video calls.

For the reasons behind this, see a similar bugreport here: teams-for-linux/issues/1023 and here: teams-for-linux/issues/367. Basically the WebRTC-streamer library is constantly logging an error for each incoming video frame if there is something not supported properly in the video card / driver. I suspect some drivers from updates/rpmfusion-free-updates are not working properly with my amdgpu.
But that is not the main topic of this post.

System: Fedora KDE 39, up to date, freshly installed 1 month ago
Machine: Lenovo T14s Gen3 AMD edition

My logs are getting close to gigabytes if I have many video calls in a day.
In an attempt to filter these out, I have added the following to
/etc/rsyslog.d/99-filter-plasmashell.conf:

if $msg contains 'Streams with pred_weight_table unsupported' then {
    stop
}

I also tried with the older syntax, and only keeping one keyword:

:msg, contains, "pred_weight_table" ~

After every change, I have reloaded rsyslog with:
sudo systemctl restart rsyslog

Unfortunately, the messages are still getting printed:
journalctl --boot=-4 --grep="Streams with pred_weight_table unsupported"

Feb 23 11:00:33 hostname plasmashell[3333]: [3441:3:0223/110033.144761:ERROR:h264_bitstream_parser.cc(187)] Streams with pred_weight_table unsupported.
Feb 23 11:00:33 hostname plasmashell[3333]: [3441:3:0223/110033.144869:ERROR:h264_bitstream_parser.cc(187)] Streams with pred_weight_table unsupported.
Feb 23 11:00:33 hostname plasmashell[3333]: [3441:3:0223/110033.144922:ERROR:h264_bitstream_parser.cc(187)] Streams with pred_weight_table unsupported.
Feb 23 11:00:33 hostname plasmashell[3333]: [3441:3:0223/110033.144970:ERROR:h264_bitstream_parser.cc(187)] Streams with pred_weight_table unsupported.
.... and a lot more ....

If I intentionally make a syntax error in the conf file then it is reported accordingly in the status of rsyslog at its restart, which means that the conf file is picked up properly by rsyslog.

Do you know why the filter might still not be working or what am I doing wrong?

Thank you very much for the support,
Regards,
vatta

Are you expecting an rsyslog conf to change what appears in the journal?

The logs flow first to the journal then, if you have rsyslog installed and setup, second into rsyslog.

Ohh… I didn’t know that…
This is a regular Fedora installation, I did not change anything on that front, rsyslog was already installed, but then I wonder what is the use of it as a secondary log system…

Anyway, is there a way then to filter the systemd-journal logs? (i.e. to skip writing entries into the log file based on their content.)

Thanks!

I think the only reason for rsyslog being installed is to provide the legacy /var/log/* log files that some people expect, like /var/log/messages and /var/log/secure.

You prompted me to see why rsyslog was installed at all.
I just dnf remove rsyslog and nothing breaks in a VM and nothing breaks that I can see.

I’ll go do that on all my Fedora systems as I always use journalctl to access logs.

Turns out I remove rsyslog from most of my fedora systems a while ago.
But I checked that I had clean up all the /var/log/* files that rsyslog created and had missed some. I wrote this script to remove rsyslog and the log files.

$ cat bin/remove-rsyslog
#!/bin/bash
if [[ -e /usr/sbin/rsyslogd ]]
then
    dnf remove rsyslog -y
fi

rm -f -v \
/var/log/messages \
/var/log/secure \
/var/log/maillog \
/var/log/cron \
/var/log/spooler \
/var/log/boot.log \
;

Thank you, for the script.

On the other hand, my main objective remains to discard (filter out) some logs from journalctl that are flooding in (during video calls). Do you maybe know if that’s possible?

Maybe set the rate limit see journald.conf