Menu
▾
▴
#140 logging to multiple destinations
open
nobody
None
5
2007-07-06
2007-07-06
Anonymous
No
If i understand correctly, iptables/shorewall only logs to "kern" facility and bandwidth monitoring uses the "debug" level to perform it's bandwidth logging.
The problem is, besides the default log file '/var/log/bandwidth' that is created (and rotated every hour), the same logging is going to 'kern.log', 'syslog' and 'debug' log files...
When using syslog-ng, part of this issue can be mitigated with a quick hack:
filter f_syslog {
not facility(auth , authpriv)
and not ( facility(kern) and level(debug) );
};
filter f_kern {
facility(kern)
and not level(debug);
};
Note: this is using ubuntu 6.10, but should occur in a similar way on other linux distros aswell.
Logged In: YES
user_id=129364
Originator: NO
I can see how this could be a problem .. but it is not practical for Webmin to reverse-engineer a syslog-ng configuration to add the appropriate 'not' conditions to exclude debug logs. Doubly so for syslog-ng, as its config file is almost a programming language!
Logged In: NO
Hacking the syslog config is definitely not a fix for webmin, but the growth rate is really becoming an issue:
root:~# ls -l /var/log/debug && sleep 5 && ls -l /var/log/debug
-rw-r----- 1 root adm 200K Jul 7 05:34 /var/log/debug
-rw-r----- 1 root adm 226K Jul 7 05:34 /var/log/debug
these logs can easily go over 500MB
I also thought about filtering these messages from the logs on the rotate.pl script:
root:~# cat /var/log/debug | grep -v 'kernel: BANDWIDTH_[OI]' >/var/log/debug
I know overwriting them like this is probably not good practice, but it does work...
Thanks