[syslog-ng] Turning off TCP connection logs
Gergely Nagy
algernon at balabit.hu
Wed Jun 22 22:02:23 CEST 2011
JP Vossen <jp at jpsdomain.org> writes:
> This is probably totally obvious, but it's not jumping out at me in the
> admin guide or Google. How can I turn off the TCP connection logs like:
>
> Jun 22 01:40:47 centos5 syslog-ng[31034]: Syslog connection accepted;
> fd='10', client='AF_INET(192.168.1.148:46400)', local='AF_INET(0.0.0.0:514)'
> [...]
> Jun 22 01:40:47 centos5 syslog-ng[31034]: Syslog connection closed;
> fd='10', client='AF_INET(192.168.1.148:46400)', local='AF_INET(0.0.0.0:514)'
>
>
> I assume these are coming from the syslog-ng internal() source, but I'm
> not seeing how to turn only those off without affecting other internal
> syslog-ng messages. What am I being totally dense about and missing?
It is, indeed, coming from the internal() source, and the easiest way to
turn them off would be to filter them:
filter f_syslconn {
match("Syslog connection accepted;" type("string"));
};
And use that filter in the destination. Something like that.
--
|8]
More information about the syslog-ng
mailing list