I find at versions syslog-ng-3.5 and syslog-ng-3.6 ,the syslog-ng will by default read from /dev/kmsg even if when I don't use
file ("/proc/kmsg" program_override("kernel: "));
in source{ },
when I use docker container ,I find that all containers will read /dev/kmsg , this will have some problems.
so how can I specify don't read /dev/kmsg in configure ?
You probably use the system() source somewhere in your configuration. This source reads platform-specific sources automatically, and reads /dev/kmsg on Linux if the kernel is version 3.5 or newer (see https://www.balabit.com/documents/syslog-ng-ose-3.6-guides/en/syslog-ng-ose-guide-admin/html/configuring-source-system.html).
If you're sure you don't need it, remove the system() source from your config
