I was trying to avoid SOME of the zillion entries in /var/log/messages and I put in some suggested filters. for example /etc/rsyslog.d had ignore-session-slice.conf containing: --snip-- if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop --snip-- config line in rsyslog.conf: # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.warn;mail.none;authpriv.none;cron.none /var/log/messages but - I notice now that the ONLY lines in /var/log/messages come from pure-ftpd! and logger SOME TEXT adds nothing to /var/log/messages systemctl status rsyslog gives us: --snip-- ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2021-01-10 09:00:01 EST; 3h 4min ago Docs: man:rsyslogd(8) https://www.rsyslog.com/doc/ Main PID: 4056143 (rsyslogd) Tasks: 3 (limit: 1648793) Memory: 6.3M CGroup: /system.slice/rsyslog.service └─4056143 /usr/sbin/rsyslogd -n Jan 10 09:00:01 ns10.cdbsystems.com rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0-6.el8" x-pid="4056143" x-info="https://www.rsyslog.com"] start Jan 10 09:00:01 ns10.cdbsystems.com rsyslogd: imjournal: journal files changed, reloading... [v8.1911.0-6.el8 try https://www.rsyslog.com/e/0 ] --snip-- now I love a nice small messages file as much as even Th0m - but something seems to be wrong here! where are my messages going? I did move the files in rsyslog.d to a different folder and systemctl restart rsyslogd but I get no messages even though the filters are now removed! any ideas?