syslog-ng set loglevel/priority to warning or more to be less verbose

Question

How to run/configure syslog-ng to log only above the security loglevel/priority WARNING?

I would like to discard NOTICES like:

Destination timeout has elapsed, closing connection; fd='36'

From the docs: (https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.22/administration-guide/17#TOPIC-1209129) I found this:

The syslog-ng OSE application sends the following message types from the internal() source:

fatal: Priority value: critical (2), Facility value: syslog (5)

error: Priority value: error (3), Facility value: syslog (5)

warning: Priority value: warning (4), Facility value: syslog (5)

notice: Priority value: notice (5), Facility value: syslog (5)

info: Priority value: info (6), Facility value: syslog (5)

But can't find how to set the loglevel to warning

score 1 · Accepted Answer · answered Jul 03 '20 at 15:06

1

The internal() source of syslog-ng produces internal messages on different hard-coded log levels. verbose, debug, and trace messages can be enabled/disabled with syslog-ng-ctl verbose|debug|trace --set on|off .

You can add a filter to keep only warnings and above:

filter f_warn { severity(warning..emergency) };

log {
  source { internal(); };
  filter(f_warn);
  destination { ... };
};

answered Jul 03 '20 at 15:06

MrAnno

210
1
7

Is there any diference using `level` instead of `severity` for example: `filter f_warn { level(warning..emerg); };` ? – nbari Jul 03 '20 at 16:19
1

No, level() is just an alias for severity(). – MrAnno Jul 03 '20 at 16:21

syslog-ng set loglevel/priority to warning or more to be less verbose

1 Answers1