Excessive verbosity
David A. De Graaf
dad at datix.us
Sat Jul 18 21:26:11 UTC 2015
The verbosity of systemd and its associated logging functions is out
of control. It drives me crazy, and I can only hope that this attempt
to complain constructively will be heeded.
After recovering from the disaster of filling my root filesystem while
away from home, I'm attempting to bring back some discipline to
/var/log. Aside from the outrage of the journal system,
/var/log/httpd/error_log and /var/log/audit/audit.log are the worst
offenders.
The httpd errors are of this recurring general form:
[Sat Jul 18 10:48:39.918368 2015] [:error] [pid 10957] [client
192.168.2.1:54848] PHP Deprecated: Non-static method
GalleryUtilities::isEmbedded() should not be called statically,
assuming $this from incompatible context in
/usr/share/gallery2/modules/core/classes/GalleryUrlGenerator.class
on line 381, referer: http://datix.us/
and seem to be due to a major screwup in the gallery2 code with
respect to static vs. non-static methods, whatever that means.
A whack-a-mole debugging process is ongoing to fix these.
Thanks to Joel for responding to BZ 1214128 and trying to fix 'em.
The auditd system seems grotesque to me. It purports to insert code
in every single system call and report on it. This can only seriously
degrade Linux's efficiency. Others have noticed the excessive volume of
reporting and tried to suppress it. One recommends removing the audit
package, or disabling auditd, but that merely transfers the reporting
to /var/log/messages.
In https://fedorahosted.org/fesco/ticket/1311 I read that the overhead
is so great that it was
"AGREED: turn off syscall auditing for all processes by default."
with this to be done by
Add something like this to /etc/audit/rules.d/audit.rules:
# This suppresses syscall auditing for all tasks started
# with this rule in effect. Remove it if you need syscall
# auditing.
-a task,never
Sure enough, that's the way Fedora 22 is delivered.
However, it doesn't work!
The audit.log is still swamped with unwanted drivel.
Following a clue in
https://www.redhat.com/archives/linux-audit/2012-January/msg00012.html
I have added these commands to /etc/rc.d/rc.local with good results:
# Stop auditd from writing so much crap
auditctl -a exclude,always -F msgtype=MAC_IPSEC_EVENT
auditctl -a exclude,always -F msgtype=USER_AUTH
auditctl -a exclude,always -F msgtype=USER_ACCT
auditctl -a exclude,always -F msgtype=CRED_REFR
auditctl -a exclude,always -F msgtype=CRED_DISP
auditctl -a exclude,always -F msgtype=CRED_ACQ
auditctl -a exclude,always -F msgtype=USER_START
auditctl -a exclude,always -F msgtype=USER_END
auditctl -a exclude,always -F msgtype=SERVICE_START
Now the only msgtype left in audit.log is type=LOGIN, which occurs
whenever a cronjob fires off. Since I'm a big user of cronjobs, there
are still too many of these.
In whose perverted mind is running a cronjob related in any way to
logging in?
While venting, there are two other problems with the audit system:
1) The auditctl man page says to combine multiple -F options in a
single command for efficiency. It doesn't work.
2) With all the verbosity of audit.log, nowhere is the date shown.
If this data were really intended to be used or read, wouldn't it be
possible to squeeze in `date` somehow?
--
David A. De Graaf DATIX, Inc. Hendersonville, NC
dad at datix.us www.datix.us
"Those who hear not the music, think the dancers mad."
More information about the users
mailing list