#5887 Log spew messages from /var/log/merged/messages.log
Closed: Will Not/Can Not fix 6 months ago by smooge. Opened 3 years ago by marc84.

This was mentioned in Thursday's meeting for Apprentice:
18:23:21 <nirik> also, I was thinking of another general quest type task for apprentices:
18:23:54 <nirik> look at /var/log/merged/messages on log01 and find things that are logging a lot that we do not care about then propose patches to stop them from logging anymore.
18:24:16 <nirik> we have a ton of log spew that we don't really normally care about at all. It would be nice to reduce that.

I think adding:

:msg, contains, "" ~

to rsyslog.conf to discard certain messages from the logs

Well, no, that just masks the problem... the messages are still generated by that machine and traverse the network and then are dropped by rsyslog on log01. I'd prefer if we find log messages that are not likely to be of interest to us at all, and fix them at the source so they are never logged in the first place.

For example we have a ton of these from all kinds of machines:

Mar 10 19:19:28 qa09.qa.fedoraproject.org audit: AVC avc:  denied  { search } for  pid=1947 comm="in:imfile" name="audit" dev="dm-0" ino=50370687 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir permissive=0

This is due to us sending audit messages into syslog to be centrally logged, but we should look at how we could adjust selinux-policy to allow this.


I see there's a notifs-backend message that is invalid and keeps getting tossed to the back of the queue and reprocessed over and over again. Perhaps talk to FMN folks on #fedora-apps and figure out how to fix that message or just drop it?

Thanks for filing this and working on it. :cool:

I look through the log by using: cat /var/log/merged/messages.log | grep "denied" | more

It shows a lot of denied messages, and I think it is the "syslogd_t" domain

I think using: semanage permissive -a syslogd_t
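
An added example, not part of the ticket or of Fedora infrastructure's own tooling: a Python script that groups the AVC denials in a merged syslog file by source domain, target type, class and permission, and lists the hosts that emit each one, so the noisiest denials can be identified and addressed at the source. Only the first sample line comes from the ticket; `host02.example.org` and the other sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the AVC line quoted in the ticket;
# host02.example.org and the httpd/sshd lines are made up for illustration.
SAMPLE = [
    'Mar 10 19:19:28 qa09.qa.fedoraproject.org audit: AVC avc:  denied  { search } for  pid=1947 comm="in:imfile" name="audit" dev="dm-0" ino=50370687 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir permissive=0',
    'Mar 10 19:19:31 host02.example.org audit: AVC avc:  denied  { search } for  pid=811 comm="in:imfile" name="audit" dev="dm-0" ino=1234 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir permissive=0',
    'Mar 10 19:19:40 host02.example.org audit: AVC avc:  denied  { read open } for  pid=902 comm="httpd" name="index.html" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
    'Mar 10 19:19:41 host02.example.org sshd[1200]: Connection closed by 192.0.2.10 port 50022',
]

DENIED_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Extract the type from user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Return (host, perms, source_type, target_type, tclass) or None."""
    m = DENIED_RE.search(line)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if not m or not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # not an AVC denial, or truncated in transit
    host = line.split()[3]  # "Mon DD HH:MM:SS host ..." syslog prefix
    return (host, m.group(1).split(), selinux_type(fields["scontext"]),
            selinux_type(fields["tcontext"]), fields["tclass"])

def summarize(lines):
    """Rank (source, target, class, perm) denials by count, with hosts."""
    counts, hosts = Counter(), {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        host, perms, source, target, tclass = rec
        for perm in perms:
            key = (source, target, tclass, perm)
            counts[key] += 1
            hosts.setdefault(key, set()).add(host)
    return [(k, n, sorted(hosts[k])) for k, n in counts.most_common()]

if __name__ == "__main__":
    for key, n, where in summarize(SAMPLE):
        print(n, *key, ",".join(where))
```

To run it against the real file, pass `open("/var/log/merged/messages.log", errors="replace")` to `summarize()` instead of `SAMPLE`.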

