Hide syslogd messages in Konsole

Good day.

I get 100s of syslogd messages in active Konsoles on desktop, they wreck the screen and if I am using a text editor in Konsole it breaks the files, I can’t normally close the files. Messages appear from amavisd-new.

Message from syslogd@localhost at Oct 23 09:01:47 ...
 clamav[11611]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04899-tfRApExY/parts/p001

Broadcast message from systemd-journald@linux-fx1e (Wed 2019-10-23 09:02:02 PDT):

clamav[11697]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04898-nXTvB5OS/parts/p002


Message from syslogd@localhost at Oct 23 09:02:02 ...
 clamav[11697]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04898-nXTvB5OS/parts/p002

Message from syslogd@localhost at Oct 23 09:02:02 ...
 clamav[11707]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04898-nXTvB5OS/parts/p001

Broadcast message from systemd-journald@linux-fx1e (Wed 2019-10-23 09:02:02 PDT):

clamav[11707]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04898-nXTvB5OS/parts/p001


Broadcast message from systemd-journald@linux-fx1e (Wed 2019-10-23 09:02:17 PDT):

clamav[11794]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04899-tfRApExY/parts/p002


Message from syslogd@localhost at Oct 23 09:02:17 ...
 clamav[11804]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04899-tfRApExY/parts/p001

Broadcast message from systemd-journald@linux-fx1e (Wed 2019-10-23 09:02:17 PDT):

clamav[11804]: Signature detected: Heuristics.Structured.SSN in /var/spool/amavis/tmp/amavis-20191023T084458-04899-tfRApExY/parts/p001


I didn’t get these messages in XFCE terminal but I uninstalled XFCE due to poor memory management and switched to KDE.

Please let me know how to stop this.

Thanks!

https://stackoverflow.com/questions/41444630/how-to-avoid-broadcast-messages-from-syslog-printed-on-the-console

may be of use…

I don’t see those messages on konsoles. You must have something in your syslog configuration that is broadcasing logs.

As for xfce-terminal : it does not write a “utmp” entry, so that terminal is not seen for broadcast messages. I don’t know of a way to turn of the ut entry for konsole.

Since “xterm” is normally installed, you can try opening a terminal with

xterm -ut

The “-ut” tells “xterm” to not write a utmp entry. But it would be better to check your syslog configuration.

Here, I am using “rsyslog” with the default configuration.

Thanks for the link, followed the instructions from it. In addition, created emerg.conf in /etc/rsyslog.d

if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then {
*.emerg /var/log/PANIC
stop
}

These messages showup on console & Konsole because of rsyslog option -

*.emerg                                  :omusrmsg:*

If you can could you please show your rsyslog?

I spoke too soon, these messages still show up.

I have that same line.

I guess the real question is why “clamav” is issuing messages at the emerg level. I’m not running “clamav” here, so maybe my earlier post was misleading. I rarely see a konsole log message. I see such messages only from “apcupsd” (UPS daemon). And only for power interruption/restore events.

No worries, I think I fixed it this time with emerg.conf in /etc/rsyslog.d

root@linux-fx1e:/home/flux # tail -f /var/log/PANIC 
2019-10-24T07:43:25.382042-07:00 localhost clamav[24668]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:42.129280-07:00 localhost clamav[24880]: Signature detected: {HEX}php.cmdshell.r57.335.UNOFFICIAL in fd[12]
2019-10-24T07:43:42.563463-07:00 localhost clamav[24890]: Signature detected: Heuristics.Structured.CreditCardNumber in fd[12]
2019-10-24T07:43:44.045642-07:00 localhost clamav[24900]: Signature detected: {HEX}Malware.Expert.generic.eval.gzinflate.base64.9.UNOFFICIAL in fd[12]
2019-10-24T07:43:45.018844-07:00 localhost clamav[24911]: Signature detected: {HEX}php.exe.globals.414.UNOFFICIAL in fd[12]
2019-10-24T07:43:45.273617-07:00 localhost clamav[24926]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:45.400859-07:00 localhost clamav[24936]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:46.023599-07:00 localhost clamav[24946]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:46.319576-07:00 localhost clamav[24956]: Signature detected: SecuriteInfo.com.JS.Obfus.Gen-1.UNOFFICIAL in fd[12]
2019-10-24T07:43:46.520212-07:00 localhost clamav[24966]: Signature detected: Heuristics.Structured.CreditCardNumber in fd[12]
2019-10-24T07:43:46.669764-07:00 localhost clamav[24976]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:47.565764-07:00 localhost clamav[24986]: Signature detected: SecuriteInfo.com.Spam-5338.UNOFFICIAL in fd[12]
2019-10-24T07:43:47.676093-07:00 localhost clamav[24996]: Signature detected: Heuristics.Structured.SSN in fd[12]
2019-10-24T07:43:47.769301-07:00 localhost clamav[25008]: Signature detected: Heuristics.Structured.CreditCardNumber in fd[11]

Here is the snippet for /etc/rsyslogd/emerg.conf just in case someone faces similar issue.


if $syslogseverity-text == 'emerg' then {
*.emerg /var/log/PANIC
stop
}

Good to hear.