Hello!

I am using syslog-ng 1.5.15 for a couple of days now on my Debian (woody/stable) system, but have some problems configuring it properly. I switched to syslog-ng because I've read that it is able to filter messages. I'd like to use it to filter the iptables stuff away from my console.

Fortunately, I'm not the first with this problem, so I found some help in the archives and in newsgroups, leading me to the following setup:

First, I modified the standard source for reading kernel messages (I tried this with file instead of pipe, too -- which one is preferred?):

    source src { unix-dgram("/dev/log"); pipe("/proc/kmsg"); internal(); };

Then I added some filters and destinations; f_netfilter recognizes iptables stuff by a custom log-prefix, while netfilter2 looks for common strings in a message (I tried this because there are some log messages from iptables which seem not to be produced by my iptables script, however...):

    destination netfilter { file("/var/log/netfilter.log" owner("root") group("adm") perm(0640)); };
    filter f_netfilter { match("netfilter: "); };
    filter f_netfilter2 { match(".* (IN|OUT|SRC|DST|LEN|MAC|PROTO|WINDOW|TTL|TOS)=.*"); };
    filter f_apic { match("APIC error on CPU"); };

Finally, I added some log paths:

    log { source(src); filter(f_netfilter); destination(netfilter); flags(final); };
    log { source(src); filter(f_netfilter2); destination(netfilter); flags(final); };
    log { source(src); filter(f_apic); destination(kern); flags(final); };

(My syslog-ng.conf lists first the sources, then destinations, filters, and finally logs. It's not mixed. I understood it this way that the order is only important for log statements. I hope this is correct.)

After a reboot (I had problems with restarting it), there are messages directed to the netfilter log, and the messages log is kept clean too, but my console is still flooded! I commented out ALL the log paths of syslog-ng.conf and rebooted, which results in empty log files but still console logging.

Then I tried klogd -c 0 (which should stop klogd from logging to the console if it is not extremely important) as well as stopping klogd completely, which has no visible effect either.

So here's my question: Where are those console messages from? Is it possible to log them through syslog-ng and finally stop logging to the console?

I really tried to help myself, so please excuse if this question was asked earlier -- I didn't find it!

Thanks for your help!!!

Alexander von Hedenstroem.
On Sun, Mar 09, 2003 at 01:11:13PM +0100, Alexander von Hedenstroem wrote:
> I commented out ALL the log paths of syslog-ng.conf and rebooted, which results in empty log files but still console logging.
> Then I tried klogd -c 0 (which should stop klogd from logging to the console if it is not extremely important) as well as stopping klogd completely, which has no visible effect either.
Comment out any destination lines with console in them (xconsole is a default Debian destination IIRC). Now there should be no way for syslog-ng to send the kernel messages to the console.

Another thing to consider is that perhaps these messages aren't going through /proc/kmsg but through STDOUT/STDERR. I've never really thought about stopping iptables output to the console before. Kill syslog-ng and see if they still go there. You might be on the wrong track with syslog.

--
Nate Campi http://www.campin.net
On Sunday 09 March 2003 13:11, Alexander von Hedenstroem wrote:
> Hello!
> I am using syslog-ng 1.5.15 for a couple of days now on my Debian (woody/stable) system, but have some problems configuring it properly. I switched to syslog-ng because I've read that it is able to filter messages. I'd like to use it to filter the iptables stuff away from my console.
Prevent logging to the console:

    dmesg -n 1

Achim
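What that command changes, shown as an added example that is not part of the original thread: the kernel itself prints a message on the console when its priority number is lower than the first field of /proc/sys/kernel/printk, and `dmesg -n 1` sets that field to 1, which is why no syslog-ng or klogd setting affected the output. The function names and the sample field values are constructed for illustration, and the `warning` level used for the iptables LOG rules is an assumption.

```shell
#!/bin/sh
# Added example: which kernel message priorities reach the console, given the
# contents of /proc/sys/kernel/printk. Its four fields are:
#   console_loglevel default_message_loglevel
#   minimum_console_loglevel default_console_loglevel

# Map a syslog priority name (as accepted by iptables --log-level) to a number.
level_num() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        [0-7])        echo "$1" ;;
        *)            return 1 ;;
    esac
}

# reaches_console "<printk fields>" <priority>  ->  prints "yes" or "no"
reaches_console() {
    console_loglevel=${1%%[!0-9]*}          # first field only
    [ -n "$console_loglevel" ] || return 2
    msg=$(level_num "$2") || return 2
    # The kernel prints to the console only if priority < console_loglevel.
    if [ "$msg" -lt "$console_loglevel" ]; then echo yes; else echo no; fi
}

# printed_levels "<printk fields>"  ->  names of all priorities shown on console
printed_levels() {
    out=""
    for name in emerg alert crit err warning notice info debug; do
        if [ "$(reaches_console "$1" "$name")" = yes ]; then out="$out $name"; fi
    done
    echo "${out# }"
}

# Constructed sample values, not read from a live system.
before="7 4 1 7"    # console_loglevel 7
after="1 4 1 7"     # console_loglevel 1, the state after: dmesg -n 1
# Assumption: the iptables LOG rules log at priority "warning".
echo "before: warning on console? $(reaches_console "$before" warning)"
echo "after:  warning on console? $(reaches_console "$after" warning)"
echo "after:  still printed: $(printed_levels "$after")"
```

On a live system the first argument can be supplied as `"$(cat /proc/sys/kernel/printk)"`.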
I had added a bit more to my ever-growing syslog-ng.conf file. I have re-added all the text on filtering. While it may not be the best text in the world, I have attempted to document how to properly use filtering. Perhaps some of this can end up in the user documentation to help everyone else.

Any questions or comments, please let me know. Thanks. You can find the new version here:

ftp://ftp.cataphract.com/syslog/syslog-ng/syslog-ng/syslog-ng-1.6.0rc1/syslog-ng.conf

Richard
On Sat, Mar 15, 2003 at 10:53:05PM -0800, Richard E. Perlotto II wrote:
> I had added a bit more to my ever-growing syslog-ng.conf file. I have re-added all the text on filtering. While it may not be the best text in the world, I have attempted to document how to properly use filtering. Perhaps some of this can end up in the user documentation to help everyone else.
> Any questions or comments, please let me know. Thanks. You can find the new version here:
> ftp://ftp.cataphract.com/syslog/syslog-ng/syslog-ng/syslog-ng-1.6.0rc1/syslog-ng.conf
This config file is updated at the FAQ site and will update from that source daily going forward. Thanks for the contribution Richard.
participants (4)
- Achim Gsell
- Alexander von Hedenstroem
- Nate Campi
- Richard E. Perlotto II