# disable courier-imap logging

## halfgaar

Is there a way to disable courier-imap from logging, or maybe reducing it only to ciritical errors? I can't find such an option in the config file, in /etc/conf.d, or anywhere else. The problem it, it produces about 5000 lines every day, because I have Korn (KDE mail notifier) and thunderbird checking mail all the time.

----------

## pjp

Moved from Other Things Gentoo

----------

## magic919

Do you use syslog-ng?  You can filter them down with that.  Mine has

filter f_mail { facility(mail) and not match (Login); };

to stop all the login messages.

----------

## halfgaar

I indeed use syslog-ng. 

I can't seem to get a correct filter. No matter what I filter on, the lines keep appearing. Could you help perhaps? The lines I don't want are:

```

Feb  1 13:21:25 host imapd: Connection, ip=[::ffff:127.0.0.1]

Feb  1 13:21:26 host imapd: LOGIN, user=user, ip=[::ffff:127.0.0.1], protocol=IMAP

Feb  1 13:21:26 host imapd: LOGOUT, user=user, ip=[::ffff:127.0.0.1], headers=0, body=0, time=0, starttls=1

Feb  1 13:23:24 host imapd: DISCONNECTED, user=user, ip=[::ffff:127.0.0.1], headers=0, body=0, time=1405

```

Filtering on "LOGIN", "LOGOUT", "DISCONNECTED" and "Connection" would seem to be what I want.

The facility BTW, I asume that's imapd?

----------

## magic919

Generally the facility will be mail for such servers.  Do you have all your syslog stuff logged to one file or several?  Might be easier if you ppst your current syslog-ng.conf.

----------

## halfgaar

Pretty much default config:

```

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $

#

# Syslog-ng default configuration file for Gentoo Linux

# contributed by Michael Sterrett

options {

        chain_hostnames(off);

        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line

        # to the file every 10 minutes.  That's pretty ugly after a while.

        # Change it to every 12 hours so you get a nice daily update of

        # how many messages syslog-ng missed (0).

        stats(43200);

};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...

destination console_all { file("/dev/tty12"); };

# ...if you intend to use /dev/console for programs like xconsole

# you can comment out the destination line above that references /dev/tty12

# and uncomment the line below.

#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };

log { source(src); destination(console_all); };

```

As you can see, only one log file (/var/log/messages).

----------

## magic919

Okay, bare bones.

Add in this

```

destination mail { file("/var/log/maillog" perm(0644) ); };

filter f_mail { facility(mail) and not match (LOGIN); };

log { source(src); filter(f_mail); destination(mail); };

```

And you'll start a mail log /var/log/maillog.

Once that is working add to .. not match (LOGIN, LOGOUT, etc)

When you have it under control consider excluding facility mail from the current /var/log/messages.

One thing at a time.

----------

## halfgaar

Actually, I don't like seperate log files, because when dealing with any kind of hierarchy or ordering, it's always ambigious what goes where.

But, you've given me enough to solve my problem. I did this:

```
filter no_imapd_verbosity {not program(imapd) or not (match(LOGIN) or match(LOGOUT) or match(Connection) or match(Disconnected));};

log { source(src); filter(no_imapd_verbosity); destination(messages); };
```

That should suffice. I didn't know I had to put the filter in the log-statement (should have read the manpage better...).

----------

## magic919

That'll do the job.  You can stick the match statements in one set of brackets with commas to separate. - not match (LOGIN,LOGOUT,Connection,Disconnected) for a bit more efficiency.

----------

