(Tentatively Solved) syslog-ng spamming general log once per minute

Started by Koldnitz, August 01, 2020, 07:36:18 PM


November 08, 2020, 08:08:57 PM #16 Last Edit: November 08, 2020, 09:15:29 PM by Koldnitz
This morning I decided to try and implement MTR's solution to syslog-ng's spamming of the general log.

I was unable to get it to work (I am sure I copied / pasted something wrong or misunderstood his instructions).

Quote from: mimugmail on October 12, 2020, 01:08:09 PM
I think you can also just add "message('Destination timeout has elapsed, closing connection; fd=')" at the end of the exclude line.

I saw this piece of advice, and looked at the config file a bit.

Through trial and error I seem to have gotten his suggestion to work.

/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-local.conf


################################################################################
# not captured elsewhere, but relevant, send to system[__].log
################################################################################
filter f_local_system {
    not filter({{ all_filters|join(') and not filter(') }})
    and level(notice..emerg)
    and not message('Destination timeout has elapsed, closing connection; fd=')
};

destination d_local_system {
    file(
        "/var/log/system/system_${YEAR}${MONTH}${DAY}.log"
        create-dirs(yes)
    );
};

log {
    source(s_all);
    filter(f_local_system);
    destination(d_local_system);
};

{% endif %}


Please note the line: and not message('Destination timeout has elapsed, closing connection; fd=')

Everything seems to work (not seeing any of these annoying messages for 20 minutes and counting).

I had to start and stop the syslog-ng service to get these changes to take effect (I believe MTR noted the same thing).

I hope this helps someone.

Cheers,
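To show which records the modified f_local_system filter still lets through, here is an added example (not part of the original post and not OPNsense code) that emulates its conditions in Python. The record fields, the `claimed_elsewhere` flag standing in for the template's `all_filters` expansion, and the sample records are assumptions constructed for illustration.

```python
import re

# syslog severities, most severe first
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Text copied from the exclusion line in the post. syslog-ng's message()
# takes a regular expression and matches it anywhere in the message part.
EXCLUDE = re.compile(r"Destination timeout has elapsed, closing connection; fd=")

def in_level_range(level, low="notice", high="emerg"):
    """Emulate level(notice..emerg): inclusive severity range."""
    return LEVELS.index(high) <= LEVELS.index(level) <= LEVELS.index(low)

def f_local_system(record, claimed_elsewhere=False):
    """True if the record would be written to the system log.

    claimed_elsewhere is a hypothetical stand-in for the
    'not filter(...)' chain the template generates from all_filters.
    """
    return (not claimed_elsewhere
            and in_level_range(record["level"])
            and EXCLUDE.search(record["message"]) is None)

def split(records):
    """Return (kept, dropped) lists for a batch of records."""
    kept, dropped = [], []
    for rec in records:
        (kept if f_local_system(rec) else dropped).append(rec)
    return kept, dropped

# Constructed sample records, not taken from a real system.
SAMPLE = [
    {"program": "syslog-ng", "level": "notice",
     "message": "Destination timeout has elapsed, closing connection; fd='23'"},
    {"program": "syslog-ng", "level": "notice",
     "message": "Configuration reload request received, reloading configuration;"},
    {"program": "kernel", "level": "err", "message": "constructed error message"},
    {"program": "sshd", "level": "info", "message": "constructed info message"},
    {"program": "exampled", "level": "warning",
     "message": "relay: Destination timeout has elapsed, closing connection; fd='7'"},
]

if __name__ == "__main__":
    kept, dropped = split(SAMPLE)
    for rec in kept:
        print("kept   ", rec["program"], rec["message"])
    for rec in dropped:
        print("dropped", rec["program"], rec["message"])
```

The last sample record shows that the exclusion keys on message text alone, so a record from any program that contains the same text is dropped as well.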

Quote from: Koldnitz on November 08, 2020, 08:08:57 PM
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-local.conf


################################################################################
# not captured elsewhere, but relevant, send to system[__].log
################################################################################
filter f_local_system {
    not filter({{ all_filters|join(') and not filter(') }})
    and level(notice..emerg)
    and not message('Destination timeout has elapsed, closing connection; fd=')
};

destination d_local_system {
    file(
        "/var/log/system/system_${YEAR}${MONTH}${DAY}.log"
        create-dirs(yes)
    );
};

log {
    source(s_all);
    filter(f_local_system);
    destination(d_local_system);
};

{% endif %}


I hope this helps someone.

Cheers,

Yes, it did! Many thanks

If this works, please consider taking this upstream with the project, and/or with the OPNsense team for inclusion. It would make logs so much more readable.
In theory there is no difference between theory and practice. In practice there is.

The exclusion configuration line works for me; I wish I had known or figured out the trick earlier.
Now my log finally makes sense again, and the SSD's life expectancy is not wasted on this spam.
And yes, OPNsense team, please make it into the next release, even if it's just a stopgap rather than a fix.

Cheers,
Ivan




Good to know... 3.30 is already queued up for 20.7.6.


Cheers,
Franco