I used to run RIPE Atlas probes and then removed it from all devices.
A few days ago I reinstalled it on one of them, because I got low on credits, and because I didn’t remember the reason I removed them everywhere a few years ago.
As soon as it ran, the reason why I removed them became apparent again. The software spams the system log massively.
There was an thread once about this …
How can I prevent Atlas Probe writing to Syslog?.
But it didn’t lead to a solution. So here is another approach:
Create a file /etc/syslog-ng.d/ripe-atlas.pre-conf:
# Write log messages from RIPE Atlas into a separate file to keep system logs readable.
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
# Filter for RIPE Atlas logs
filter f_ripe_atlas { program("perd"); };
# Destination file for RIPE Atlas logs
destination d_ripe_atlas { file("/var/log/ripe-atlas.log"); };
# Log path for RIPE Atlas logs
log {
source(src);
filter(f_ripe_atlas);
destination(d_ripe_atlas);
flags(final);
};
We also have to change the original /etc/syslog-ng.conf, since they things are laid out there, you just would get them on both logs.
Add the following lines, before the line # General log path for all other logs:
...
# Include any user settings before the output to the main log file,
# so that s/he can override theat they don't end up in the main log file.
@include "/etc/syslog-ng.d/*.pre-conf"
# General log path for all other logs
log {
source(src);
source(net);
source(kernel);
destination(messages);
# uncomment this line to open port 514 to receive messages
#source(s_network);
};
...
I also changed the lines at the end of /etc/syslog-ng.conf, so including after the main system log, still remains possible.
...
# Include any user settings last so that s/he can override or
# supplement all "canned" settings inherited from the distribution.
@include "/etc/syslog-ng.d/*.conf" # Put any customization files in this directory
Testing before restarting the syslog service is highly recommended:
$ syslog-ng --syntax-only; echo $?
If it looks okay:
$ syslog-ng --syntax-only && /etc/init.d/syslog-ng restart
You can the check it out by comparing tail -f /srv/log/ripe-atlas.log with the output of logread -f.
