how to avoid logging to consoles?
hi all i'm trying to configure syslog-ng for logging events from firewall everything works fine, except one thing: all messages appear on all my consoles how can i avoid that? it makes impossible working with the console, logs appear even while editing files and situation does't change when i comment out all "log" entries in the syslog-ng.conf file please, any ideas:) my syslog-ng.conf: options { use_fqdn(yes); use_dns(no); chain_hostnames(yes); use_time_recvd(no); # sync(10); perm(0640); owner("root"); group("root"); create_dirs(yes); dir_perm(0750); dir_owner("root"); dir_group("root"); }; source syslog { unix-stream("/dev/log"); }; source kernel { file("/proc/kmsg"); }; source syslog-ng { internal(); }; destination firewall { file("/spool/$HOST/$YEAR/$MONTH/$DAY/firewall"); }; destination kernel { file("/spool/$HOST/$YEAR/$MONTH/$DAY/kernel"); }; destination invalid { file("/spool/unknown/$YEAR/$MONTH/$DAY/invalid"); }; destination postfix { file("/spool/$HOST/$YEAR/$MONTH/$DAY/postfix"); }; destination cron { file("/spool/$HOST/$YEAR/$MONTH/$DAY/cron"); }; destination generic { file("/spool/$HOST/$YEAR/$MONTH/$DAY/$PROGRAM"); }; destination syslog-ng { file("/spool/$HOST/$YEAR/$MONTH/$DAY/syslog-ng"); }; destination misc { file("/spool/$HOST/$YEAR/$MONTH/$DAY/misc"); }; ## kernel filter firewall { match("IN=") and match("OUT=") and match("PROTO="); }; filter notfirewall { not match("IN=") and not match("OUT=") and not match("PROTO="); }; log { source(kernel); filter(firewall); destination(firewall); }; log { source(kernel); filter(notfirewall); destination(kernel); }; ## internal log { source(syslog-ng); destination(syslog-ng); }; ## syslog filter invalid { not host("^syslog@[a-z]+$"); }; filter postfix { host("^syslog@[a-z]+$") and program("^postfix/"); }; filter cron { host("^syslog@[a-z]+$") and program("^(/USR/SBIN/CRON|/usr/sbin/cron)$"); }; filter generic { host("^syslog@[a-z]+$") and program("^([a-z][a-z._-]*)$"); }; log { source(syslog); filter(invalid); destination(invalid); }; log { source(syslog); filter(postfix); destination(postfix); }; log { source(syslog); filter(cron); destination(cron); }; log { source(syslog); filter(generic); destination(generic); }; log { source(syslog); destination(misc); flags(fallback); }; i'm running linux debian 2.6.11.8 testing thanks in advance, iv
On Mon, 2005-05-23 at 17:15 +0200, iv wrote:
hi all i'm trying to configure syslog-ng for logging events from firewall everything works fine, except one thing: all messages appear on all my consoles how can i avoid that? it makes impossible working with the console, logs appear even while editing files and situation does't change when i comment out all "log" entries in the syslog-ng.conf file please, any ideas:)
short answer: "dmesg -n1" long answer: syslog-ng does not change kernel logging parameters on its own, which is performed automatically by klogd. but you can do the same using dmesg. -- Bazsi
Hi man dmesg Use the -n arg, which will do what you want. You will probably need to add this to a startup script. Use update-rc.d for that, or make yourself a .deb if you must. On Mon, May 23, 2005 at 05:15:34PM +0200, iv wrote:
hi all i'm trying to configure syslog-ng for logging events from firewall everything works fine, except one thing: all messages appear on all my consoles how can i avoid that? it makes impossible working with the console, logs appear even while editing files and situation does't change when i comment out all "log" entries in the syslog-ng.conf file please, any ideas:)
my syslog-ng.conf:
options { use_fqdn(yes); use_dns(no); chain_hostnames(yes); use_time_recvd(no); # sync(10);
perm(0640); owner("root"); group("root"); create_dirs(yes); dir_perm(0750); dir_owner("root"); dir_group("root"); };
source syslog { unix-stream("/dev/log"); };
source kernel { file("/proc/kmsg"); };
source syslog-ng { internal(); };
destination firewall { file("/spool/$HOST/$YEAR/$MONTH/$DAY/firewall"); };
destination kernel { file("/spool/$HOST/$YEAR/$MONTH/$DAY/kernel"); };
destination invalid { file("/spool/unknown/$YEAR/$MONTH/$DAY/invalid"); };
destination postfix { file("/spool/$HOST/$YEAR/$MONTH/$DAY/postfix"); };
destination cron { file("/spool/$HOST/$YEAR/$MONTH/$DAY/cron"); };
destination generic { file("/spool/$HOST/$YEAR/$MONTH/$DAY/$PROGRAM"); };
destination syslog-ng { file("/spool/$HOST/$YEAR/$MONTH/$DAY/syslog-ng"); };
destination misc { file("/spool/$HOST/$YEAR/$MONTH/$DAY/misc"); };
## kernel filter firewall { match("IN=") and match("OUT=") and match("PROTO="); };
filter notfirewall { not match("IN=") and not match("OUT=") and not match("PROTO="); };
log { source(kernel); filter(firewall); destination(firewall); };
log { source(kernel); filter(notfirewall); destination(kernel); };
## internal log { source(syslog-ng); destination(syslog-ng); };
## syslog filter invalid { not host("^syslog@[a-z]+$"); };
filter postfix { host("^syslog@[a-z]+$") and program("^postfix/"); };
filter cron { host("^syslog@[a-z]+$") and program("^(/USR/SBIN/CRON|/usr/sbin/cron)$"); };
filter generic { host("^syslog@[a-z]+$") and program("^([a-z][a-z._-]*)$"); };
log { source(syslog); filter(invalid); destination(invalid); };
log { source(syslog); filter(postfix); destination(postfix); };
log { source(syslog); filter(cron); destination(cron); };
log { source(syslog); filter(generic); destination(generic); };
log { source(syslog); destination(misc); flags(fallback); };
i'm running linux debian 2.6.11.8 testing
thanks in advance, iv _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- # Jesse Molina # Mail = jesse@opendreams.net # Page = page-jesse@opendreams.net # Cell = 1.602.323.7608 # Web = http://www.opendreams.net/jesse/
participants (3)
-
Balazs Scheidler
-
iv
-
Jesse Molina