Date: Mon, 15 May 2017 12:51:41 -0600 From: Ian Lepore <ian@freebsd.org> To: "Ngie Cooper (yaneurabeya)" <yaneurabeya@gmail.com> Cc: src-committers <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r318250 - in head: etc etc/newsyslog.conf.d etc/syslog.d tools/build/mk Message-ID: <1494874301.59865.116.camel@freebsd.org> In-Reply-To: <60A3FDE1-F68E-49D5-972F-A0C8993E0FEE@gmail.com> References: <201705131537.v4DFbgWV045290@pdx.rh.CN85.dnsmgr.net> <E92037DB-3739-4BA9-BC96-A50855F19B04@gmail.com> <CANCZdfpmcfU9YCxgZ%2Bi3AnPW77TPk1MRu2msWJ4t-rPE90SCiw@mail.gmail.com> <2229085.lB46rKsq7o@ralph.baldwin.cx> <1494870201.59865.103.camel@freebsd.org> <0B1B76CF-9CC4-422B-8356-AE425413850B@gmail.com> <60A3FDE1-F68E-49D5-972F-A0C8993E0FEE@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2017-05-15 at 11:24 -0700, Ngie Cooper (yaneurabeya) wrote: > > > > On May 15, 2017, at 10:47, Ngie Cooper (yaneurabeya) <yaneurabeya@g > > mail.com> wrote: > > > > > > > > > > On May 15, 2017, at 10:43, Ian Lepore <ian@FreeBSD.org> wrote: > > … > > > > > > > > That's only a good argument for keeping the lines in the > > > monolithic > > > file if those lines will be ignored when a file in the .conf.d > > > directory provides conflicting config. Otherwise my embedded > > > product > > > that drops different rules for rotating /var/log/messages into > > > .conf.d > > > STILL has to programmatically edit the monolithic file to remove > > > the > > > standard rule(s). > > Bingo. This is part of the reason why I did this, apart from > > being selfish in not wanting to handle a handful of unnecessary > > entries in newsyslog/syslogd on all of my systems where I set these > > knobs to no. > > Literally all I did was `dd+p` in vim in the new files. I didn’t > > add or subtract any overall entries. > And for context, we (Isilon) run newsyslog more frequently than > upstream (sometimes every couple minutes, sometimes multiple times an > hour/day), attributing to unnecessary creation and modification of > log files (like this) that we (Isilon) don’t care about at all, which > causes other potential issues with root media wear, potential for > filesystem corruption, reduced number of available inodes/space > because it allocates at least the frag size for a file, etc. > We also run log rotation frequently (every 5 minutes) on our embedded systems. That was super-important back when we logged to a ram filesystem, then newsyslog would rotate and compress from there to sdcard. Now we just log to sdcard because when something goes wrong it's almost always the end of the log that has the clues (unless something triggers runaway log spewage) and we often lost it. A local modification we still apply to our syslogd allows you to specify in syslog.conf that for any given file, syslogd itself should limit the size of that file if the rotation doesn't take care of it soon enough. That was important to prevent filling up a ram filesystem with runaway logging. Now it's a feature we don't use much, but before I throw it overboard I thought I'd mention it here in case others have any use for it... The way the feature worked was you could put at the end of a line in syslog.conf "R nnnnK" -- the 'R' had a historical meaning that's now lost, so we bacronymed it to mean "Recycle" -- when the log grows to nnnnK in size, the last 32K of the file becomes a circular buffer that continually gets rewritten until a normal file rotation happens. If something triggers runaway logging, the hope is that that event got captured somewhere before the final 32k of the file, so you still have some clues for postmortem analysis. -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1494874301.59865.116.camel>