[syslog-ng] how to avoid logging to consoles?

iv iv at zabuchy.net
Mon May 23 17:15:34 CEST 2005 

hi all
i'm trying to configure syslog-ng for logging events from firewall
everything works fine, except one thing: all messages appear on all my 
consoles
how can i avoid that? it makes impossible working with the console, logs 
appear even while editing files
and situation does't change when i comment out all "log" entries in the 
syslog-ng.conf file
please, any ideas:)

my syslog-ng.conf:

options {
       use_fqdn(yes);
       use_dns(no);
       chain_hostnames(yes);
       use_time_recvd(no);
#       sync(10);

       perm(0640);
       owner("root");
       group("root");
       create_dirs(yes);
       dir_perm(0750);
       dir_owner("root");
       dir_group("root");
};



source syslog {
       unix-stream("/dev/log");
};

source kernel {
       file("/proc/kmsg");
};

source syslog-ng {
       internal();
};



destination firewall {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/firewall");
};

destination kernel {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/kernel");
};

destination invalid {
       file("/spool/unknown/$YEAR/$MONTH/$DAY/invalid");
};

destination postfix {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/postfix");
};

destination cron {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/cron");
};

destination generic {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/$PROGRAM");
};

destination syslog-ng {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/syslog-ng");
};

destination misc {
       file("/spool/$HOST/$YEAR/$MONTH/$DAY/misc");
};


## kernel
filter firewall {
       match("IN=") and match("OUT=") and match("PROTO=");
};

filter notfirewall {
       not match("IN=") and not match("OUT=") and not match("PROTO=");
};

log {
       source(kernel);
       filter(firewall);
       destination(firewall);
};

log {
       source(kernel);
       filter(notfirewall);
       destination(kernel);
};


## internal
log {
       source(syslog-ng);
       destination(syslog-ng);
};


## syslog
filter invalid {
       not host("^syslog@[a-z]+$");
};

filter postfix {
       host("^syslog@[a-z]+$")
       and program("^postfix/");
};

filter cron {
       host("^syslog@[a-z]+$")
       and program("^(/USR/SBIN/CRON|/usr/sbin/cron)$");
};

filter generic {
       host("^syslog@[a-z]+$")
       and program("^([a-z][a-z._-]*)$");
};

log {
       source(syslog);
       filter(invalid);
       destination(invalid);
};

log {
       source(syslog);
       filter(postfix);
       destination(postfix);
};

log {
       source(syslog);
       filter(cron);
       destination(cron);
};

log {
       source(syslog);
       filter(generic);
       destination(generic);
};

log {
       source(syslog);
       destination(misc);
       flags(fallback);
};

i'm running linux debian 2.6.11.8 testing

thanks in advance,
iv

More information about the syslog-ng mailing list