如何阻止Tomcat / rsyslog登录到控制台？

在我的工作中，有人设置了Tomcat以登录到syslog。问题是这些消息也会被发送到控制台。

系统是RHEL6，这些是RPM的参与者

rsyslog-5.8.10-10.el6_6.x86_64
tomcat-7.0.64-1.x86_64

我尝试使用以下两个命令将消息静默到控制台：

dmesg -n 1
sysctl -w kernel.printk="1 4 1 3"

这些消息没有区别，这些消息仍然存在。Log4j似乎没有在这个系统上使用。在server.xmlTomcat中，此部分用于记录：

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="localhost_access_log." suffix=".txt" rotatable="false"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />

如果我停止rsyslog它将停止这些消息。我不知道rsyslog从Tomcat 设置日志记录做了什么，我不是Tomcat专家。Tomcat是唯一向控制台发送消息的应用程序。其他东西被发送到rsyslog但除了Tomcat之外没有任何东西被记录到控制台。

由于我尝试了命令，dmesg -n 1我怀疑Tomcat是在最高级别发送消息，但我找不到任何可能对此负责的代码。

控制台上的消息示例（请注意，它表示tomcat-instance06，它是一个允许多个Tomcat实例的自制RPM）。我只是注意到它总是在控制台上显示[FATAL]消息，然后是第二条消息：

Message from syslogd@localhost at Jun 22 16:52:12 ...
 [FATAL] some.portal-app: [model.website.PageService] RequestID already used - ...#012Detail: #012detail#012Tag context: #012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 486#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 484#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, l...

Message from syslogd@...ine at Jun 22 16:52:12 ...
 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 482#012/opt/tomcat-instance06/webapps/ROOT/model/WebserviceRequest.cfc, line 268#012/opt/tomcat-instance06/webapps/ROOT/model/website/PageService.cfc, line 194#012/opt/tomcat-instance06/webapps/ROOT/model/website/PageService.cfc, line 86#012/opt/tomcat-instance06/webapps/ROOT/model/RequestContextDecorator.cfc, line 16#012/opt/tomcat-instance06/webapps/ROOT/model/RequestContextDecorator.cfc, line 232#012/opt/tomcat-instance06/webapps/ROOT/handlers/General.cfc, line 596#012/opt/tomcat-instance06/webapps/ROOT/coldbox/system/web/Controller.cfc, line 764#012/opt/tomcat-instance06/webapps/ROOT/coldbox/system/web/Controller.cfc, line 648#012/opt/tomcat-instance06/webapps/ROOT/coldbox/system/web/services/ExceptionService.cfc, line 51#012/opt/tomcat-instance06/webapps/ROOT/coldbox/system/Coldbox.cfc, line 350#012/opt/tomcat-instance06/webapps/ROOT/coldbox/system/Coldbox.cfc, line 382#012/opt/tomcat-instance06/webapps/ROOT/Application.cfc, line 60

这是以下内容/etc/rsyslog.conf：

#
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog

# Provides --MARK-- message capability
$ModLoad immark

# Provides support for local system logging (e.g. via logger command)
$ModLoad  imuxsock

# set ratelimit interval
$SystemLogRateLimitInterval 2
$SystemLogRateLimitBurst 150

# Provides UDP syslog reception
$ModLoad  imudp

# Syslog server listen address
$UDPServerAddress 127.0.0.1

# Syslog server listen UDP port
$UDPServerRun 514

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                  /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local0.none;local6.none  /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                                        /var/log/secure
# Log all the mail messages in one place.
mail.*                                                           -/var/log/mail.log

# Log cron stuff
cron.*                                                            /var/log/cron

# Everybody gets emergency messages
*.emerg                                                           *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                                    /var/log/spooler

# Save boot messages also to boot.log
local6.warning                                                    /var/log/audit_orcl.log
LOCAL6.WARNING                                                    /var/log/audit_orcl.log

# Save boot messages also to boot.log
local7.*                                                          /var/log/boot.log

# Log all messages to the following syslog servers
<I have removed this section containing ip's of syslogservers>

在/etc/rsyslog.conf中试图注释掉kern。*

#kern.*                                                  /dev/console

但重新启动rsyslog后，它仍然将这些tomcat消息记录到控制台:(

任何想法在哪里寻找禁用这些消息？

— Jacco
source

首先，很高兴您能够解决您的问题。但请不要编辑您的问题或问题标题- 添加“（求助）”。你的问题很好，你的答案解决了它，也很好。这一切都很好。如果您能在一天左右的时间内完成，请务必以解决方案的形式核对您的答案。这是表明问题已经解决的方法。

— 杰克古尔德2016年

发现它（呃）。

在评论中/etc/rsyslog.conf停止了这些消息：

# Everybody gets emergency messages
*.emerg                        *

并且还发现了tomcat是唯一一个连续登录到这个应用程序的事实是由于编程错误的应用程序将每条消息记录为致命的，导致它进入控制台。

— Jacco
source