Sogo floods messages.log

sogo
v7

(Ralf Jeckel) #1

NethServer Version: NS 7.4
Module: Sogo

SOGo floods my log with this messages:

Dec  4 12:35:01 ns7ad1 systemd: Started Session 162 of user sogo.
Dec  4 12:35:01 ns7ad1 systemd: Starting Session 162 of user sogo.
Dec  4 12:35:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:35:01 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:36:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:36:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:36:01 ns7ad1 systemd: Started Session 163 of user sogo.
Dec  4 12:36:01 ns7ad1 systemd: Starting Session 163 of user sogo.
Dec  4 12:36:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:36:01 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:37:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:37:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:37:01 ns7ad1 systemd: Started Session 164 of user sogo.
Dec  4 12:37:01 ns7ad1 systemd: Starting Session 164 of user sogo.
Dec  4 12:37:02 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:37:02 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:38:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:38:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:38:01 ns7ad1 systemd: Started Session 165 of user sogo.
Dec  4 12:38:01 ns7ad1 systemd: Starting Session 165 of user sogo.
Dec  4 12:38:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:38:01 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:39:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:39:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:39:01 ns7ad1 systemd: Started Session 166 of user sogo.
Dec  4 12:39:01 ns7ad1 systemd: Starting Session 166 of user sogo.
Dec  4 12:39:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:39:01 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:40:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:40:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:40:01 ns7ad1 systemd: Started Session 167 of user sogo.
Dec  4 12:40:01 ns7ad1 systemd: Starting Session 167 of user sogo.
Dec  4 12:40:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:40:01 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:41:02 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:41:02 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:41:02 ns7ad1 systemd: Started Session 168 of user sogo.
Dec  4 12:41:02 ns7ad1 systemd: Starting Session 168 of user sogo.
Dec  4 12:41:02 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:41:02 ns7ad1 systemd: Stopping User Slice of sogo.
Dec  4 12:42:01 ns7ad1 systemd: Created slice User Slice of sogo.
Dec  4 12:42:01 ns7ad1 systemd: Starting User Slice of sogo.
Dec  4 12:42:01 ns7ad1 systemd: Started Session 169 of user sogo.
Dec  4 12:42:01 ns7ad1 systemd: Starting Session 169 of user sogo.
Dec  4 12:42:01 ns7ad1 systemd: Removed slice User Slice of sogo.
Dec  4 12:42:01 ns7ad1 systemd: Stopping User Slice of sogo.

Every minute 6 entries.

I stopped this behavior by creating a ignore-systemd-session-slice-sogo.conf file in/etc/rsyslog.d/ with this content:

if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting User" or $msg contains "Removed slice User" or $msg contains "Stopping User") then stop

(I got this from https://unix.stackexchange.com/questions/267965/system-log-full-of-session-and-slice-messages with little modifications and it works.)

2 questions @stephdl

  1. do we need this messages in the log or are they relevant?
  2. if not, wouldn’t it be convenient to create this file automatically and restart rsyslog when installing SOGo ?

Dbus-org.freedesktop.timedate1.service message
(Stéphane de Labrusse) #2

tk I will look

reminder for me: https://access.redhat.com/solutions/1564823


(Stéphane de Labrusse) #3

when in the link above I can read

Resolution

These messages are normal and expected -- they will be seen any time a user logs in

Does the solution need to come from sogo, do we need to put a workaround in the wiki page to remove this logs noise, or do sogo must decide for the whole system…I must say I don’t know


(Jeroen Visser) #4

… it would be neat to to be able to set the SOGo loglevel to minimal in the GUI and ignore these messages, or have all systemd messages in a sepparate logfile. /var/log/messages on a bussy SOGo server, is useless because of all this slice garbage.


(Stéphane de Labrusse) #5

Logo gets its logs, but here it is systemd noise you see. If you don’t want to see them, then you must adjust your /etc/systemd/system.conf

#LogLevel=info
to
LogLevel=notice

or create a rsyslog filter like you see.

The noise comes from this cron

# Email alarms - runs every minutes
# If you need to use SMTP AUTH for outgoing mails, specify credentials to use
# with '-p /path/to/credentialsFile' (same format as the sieve credentials)
* * * * *      sogo	/usr/sbin/sogo-ealarms-notify > /dev/null 2>&1

(Ralf Jeckel) #6

I think the “Fine tune SOGo” section in the wiki would be a good place for that.
Those who are disturbed by the noise can find a workaround in the wiki.


Virus/Malware and Systemload
(Stéphane de Labrusse) #7

kudo @flatspin, for now written at https://wiki.nethserver.org/doku.php?id=sogo#sogo_floods_var_log_messages

we will see later what we can do, but for now it rocks on my server