[syslog-ng]How to disable logging to the console?

Alexander von Hedenstroem syslog-ng@lists.balabit.hu
Sun, 09 Mar 2003 13:11:13 +0100 

Hello!

I am using syslog-ng 1.5.15 for a couple of days now on my Debian
(woody/stable) system, but have some problems configuring it properly. I
switched to syslog-ng because I've read that it is able to filter messages.
I'd like to use it to filter the iptables stuff away from my console.
Fortunately, I'm not the first with this problem, so I found some help in
the archives and in newsgroups, leading me to the following setup:

First, I modified the standard source for reading kernel messages (I tried
this with file instead of pipe, too -- which one is preferred?):
source src { unix-dgram("/dev/log"); pipe("/proc/kmsg"); internal(); };

Then I added some filters and destinations; f_netfilter recognizes iptables
stuff by a custom log-prefix, while netfilter2 looks for common strings a
message (i tried this because there are some log messages from iptables
which seem not to be produced by my iptables script, however...):
destination netfilter { file("/var/log/netfilter.log" owner("root")
group("adm") perm(0640)); };
filter f_netfilter { match("netfilter: "); };
filter f_netfilter2 { match(".*
(IN|OUT|SRC|DST|LEN|MAC|PROTO|WINDOW|TTL|TOS)=.*"); };
filter f_apic { match("APIC error on CPU"); };

Finally, I added some log paths:
log { source(src); filter(f_netfilter); destination(netfilter);
flags(final); };
log { source(src); filter(f_netfilter2); destination(netfilter);
flags(final); };
log { source(src); filter(f_apic); destination(kern); flags(final); };

(My syslog-ng.conf lists first the sources, then destinations, filters, and
finally logs. It's not mixed. I understood it this way that the order is
only important for log statements. I hope this is correct.)

After a reboot (I had problems with restarting it), there are messages
directed to the netfilter log, and the messages log is kept clean too, but
my console is still flooded!

I commented out ALL the log paths of syslog-ng.conf and rebootet which
results in empty log files but still console logging.

Then I tried klogd -c 0 (which should stop klogd from logging to the
console if it is not extremely important) as well as stopping klogd
completely which has no visible effect either.

So here's my question: Where are those console messages from? Is it
possible to log them through syslog-ng and finally stop logging to the
console?

I really tried to help myself, so please excuse if this question was asked
earlier -- I didn't found it!

Thanks for your help!!!
Alexander von Hedenstroem.