Log management review

We had an issue where a printer’s queries caused NS to fill a hd with log entries. There’s little need for a 200 Gb log. How do we manage logs? Should we look into this?

1 Like

I don’t quite understand your questions. What are you proposing (rather then patching cups itself :stuck_out_tongue:) ?

Ok, I get it, not our thing, it’s upstream.
It just doesn’t seem that under any circumstances is this a good thing, and who knows how large the files were in /old, but because there is a /old directory it would seem that the logs are rolling over so… oh well.

I understand @fasttech concerns.

Even being someone else’s fault we don’t want a server taken down by a single point of failure, so if there’s a way to prevent that from happening we might consider exploring it.

Logs - NethServer Developer Manual
By default logs are rotated weekly and kept for 4 weeks. Some packages come with different defaults, but the majority do not specify a custom rotate value.

As logrotate is in place and can be configured to restrict the size of logs, is it worth to set some sane default rules?

There are some pros and cons…

  • Someone could intentionally exploit a bug to take down a server by growing logs.
  • Someone filling up the logs with noise to remove traces when hitting the pre-set limit…

Anyway I have saved old virtual machines for any proof.

One of my big concerns was that the GUI access not working.

Regards,

I see your concerns, but default logrotate rules have (probably) been tested but thousands of RHEL users and IMHO, these defaults are good enough.

But if we can point out specific problems with specific solutions, I’m ready to work on them! :wink:

1 Like

Could we see some lines from the logfile that were logged by the “defective” printer?

1 Like

Woke up and came to mind that the admin can create a separate /var/log or /var partition.

I’m not aware of which are the default rules, but agree with you. This might just have been a rare case, but not to be ignored.

Don’t want to collapse your agenda, surely there are higher priorities.

A vague idea: target only the services for whom there are no max log size rules. I don’t know if this is handled by logrotate or by rsyslog.

With some time, and after some research, I can try to be more specific. But first I would like to hear from others.

This can be done using maxsize option:

maxsize size
Log files are rotated when they grow bigger than size bytes even before
the additionally specified time interval (daily, weekly, monthly,
or yearly). The related size option is similar except that it
is mutually exclusive with the time interval options, and it causes
log files to be rotated without regard for the last rotation time.
When maxsize is used, both the size and timestamp of a log file are
considered.