Stopping an application from logging to syslog

If you need to stop an application logging to syslog and the app has no configuration setting to do this, you will need to edit your syslog config. This is normally located in /etc/syslog.conf.

First, look at some sample log output from your app. We will use the following example to demonstrate:

Jun 15 09:34:22 ws1 honeyd[3347]: Demoting process privileges to uid 32767, gid 32767

The format of this log message is roughly:

<date> <hostname> <app name>: <message>

The app name may contain its process ID in round or square brackets; this can be ignored. So our app name from the example above is "honeyd".

An application can log to syslog using various levels, but we are only concerned with stopping them all. You will need to add the following lines to your syslog.conf:

#honeyd does not get logged
honeyd.*    /dev/null

This will send all log messages for the honeyd app to /dev/null, i.e. nowhere. You could put a different file here, such as /var/log/honeyd.

Even though we have directed all honeyd messages to a different file, they will still be logged in the main log files such as /var/log/syslog or /var/log/messages. To stop this, you will need to add the following text to any other statements that still log to unwanted files:

;honeyd.none

For example, a default "catch all" syslog statement could look something like this:

*.*;auth,authpriv.none              -/var/log/syslog

You will need to change it to this:

*.*;auth,authpriv.none;honeyd.none              -/var/log/syslog

Restart syslog after the config file changes have been made and you are done.
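
Added example (not part of the original page): a small shell helper that parses lines in the format shown above, strips the bracketed process ID to get the app name, and counts lines per app, so you can find the name to use and check whether a log file still receives it. The function names and all sample lines except the honeyd line from this page are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are assumptions, not from the page.

# syslog_tags: read "<date> <hostname> <app name>: <message>" lines on stdin
# and print "count app" per app name, most frequent first.
syslog_tags() {
    awk '
    # $1-$3 = date, $4 = hostname, $5 = "app[pid]:"; lines whose fifth field
    # has no trailing colon (e.g. "last message repeated") carry no app name.
    NF >= 5 && $5 ~ /:$/ {
        tag = $5
        sub(/:$/, "", tag)            # drop the trailing colon
        sub(/\[[0-9]+\]$/, "", tag)   # drop a PID in square brackets
        sub(/\([0-9]+\)$/, "", tag)   # drop a PID in round brackets
        count[tag]++
    }
    END { for (t in count) printf "%d %s\n", count[t], t }
    ' | sort -k1,1nr -k2,2
}

# tag_count APP: print how many lines on stdin were logged by APP (0 if none).
tag_count() {
    syslog_tags | awk -v app="$1" '$2 == app { n = $1 } END { print n + 0 }'
}

# Constructed sample input; only the first line is taken from the page.
sample_log() {
    cat <<'EOF'
Jun 15 09:34:22 ws1 honeyd[3347]: Demoting process privileges to uid 32767, gid 32767
Jun 15 09:34:23 ws1 honeyd[3347]: constructed sample line
Jun 15 09:35:01 ws1 cron(812): constructed sample line
Jun  5 09:36:10 ws1 sshd[901]: constructed sample line
Jun 15 09:36:11 ws1 last message repeated 2 times
EOF
}

sample_log | syslog_tags
echo "honeyd lines: $(sample_log | tag_count honeyd)"
```

To check a real log, run `syslog_tags < /var/log/syslog`. Lines written before the restart stay in the file, so compare the honeyd count before and after the change.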

Last updated: 25/06/2005