# syslog-ng:How to remove annoying 'STATS: dropped 0' message?

## emmjay79

Hey all,

I've converted from metalog to syslog-ng. However, I get these annoying 'STATS: dropped 0' lines appearing through the syslog.

That's quite nice - syslog-ng managed to not drop anything. This is the norm. I can assume that it will never drop any messages, as this server is quite idle.

So, anyway - is there a way to filter out these messages? I've done a quite search on the forums/Google, and I've managed to create a half botched up syslog-ng.conf file - although this doesn't achieve what I want.

Any help much appreciated.  :Smile: 

# cat /etc/syslog-ng/syslog-ng.conf

options { long_hostnames(off); sync(0); };

#source where to read log

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };

#define destinations

destination authlog { file("/var/log/auth.log"); };

destination syslog { file("/var/log/syslog"); };

destination cron { file("/var/log/cron.log"); };

destination daemon { file("/var/log/daemon.log"); };

destination kern { file("/var/log/kern.log"); };

destination lpr { file("/var/log/lpr.log"); };

destination user { file("/var/log/user.log"); };

destination mail { file("/var/log/mail.log"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };

destination newserr { file("/var/log/news/news.err"); };

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };

destination messages { file("/var/log/messages"); };

destination console { usertty("root"); };

destination console_all { file("/dev/tty12"); };

destination xconsole { pipe("/dev/xconsole"); };

#create filters

filter f_auth { facility(auth); };

filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };

filter f_intnotSTATS { not match("STATS: dropped"); };

filter f_cron { facility(cron); };

filter f_daemon { facility(daemon); };

filter f_kern { facility(kern); };

filter f_lpr { facility(lpr); };

filter f_mail { facility(mail); };

filter f_user { facility(user); };

filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn)

        and not facility(auth, authpriv, mail, news); };

filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_crit { level(crit); };

filter f_err { level(err); };

filter f_failed { match("failed"); };

filter f_denied { match("denied"); };

#connect filter and destination

log { source(src); filter(f_authpriv); destination(authlog); };

log { source(src); filter(f_syslog); destination(syslog); };

log { source(src); filter(f_cron); destination(cron); };

log { source(src); filter(f_daemon); destination(daemon); };

log { source(kernsrc); filter(f_kern); destination(kern); };

log { source(src); filter(f_lpr); destination(lpr); };

log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

log { source(src); filter(f_debug); destination(debug); };

log { source(src); filter(f_messages); destination(messages); };

log { source(src); filter(f_emergency); destination(console); };

#default log

log { source(src); destination(console_all); };

----------

## Rav70

I'd try:

```

options { long_hostnames(off); sync(0); stats(0); };

```

stats() takes as argument number of seconds between inserting the STATS line, so "0" should turn off that feature.

Regards,

Rav

----------

## emmjay79

Fantastic! That hit the nail on the head. Thanks!

----------

## urcindalo

Another thank you. You made my day   :Very Happy: 

Just for future reference for people like me who need explanations to be very, very clear. Edit your /etc/syslog-ng/syslog-ng.conf file so that it reads at the very beginning:

```
$ cat /etc/syslog-ng/syslog-ng.conf

options { chain_hostnames(off); sync(0); };

options { long_hostnames(off); sync(0); stats(0); };

...
```

----------

## Drunkula

Not only that but you have a filter defined as:

```
filter f_intnotSTATS { not match("STATS: dropped"); };
```

But you aren't applying it to any of the logs.

----------

