[SOLVED] Disable writing log files to the local disk

[Sheldon]

System -> Settings -> Logging -> Disable writing log files to the local disk

I have this checkbox enabled, so i expected not to have any log files. But there are new log files stored in /var/log/. Since /var/ is not a ram disk, the logs survive reboots.

The Documentation (https://docs.opnsense.org/manual/settingsmenu.html) says:

Useful to avoid wearing out flash memory (if used). Remote logging can be used to save the logs instead if desired.

Does this mean that i have to set up remote logging, to make this setting effective?

Is there any way to disable log files, without using remote logging? I probably could shutdown the syslog service. But still, i am wondering what this setting is supposed to do, when remote logging is not configured?

[allebone]

system - settings - misc

option:  /var RAM disk

Description: Use memory file system for /var
Set this if you wish to use /var as a RAM disk (memory file system disks) rather than using the hard disk. Setting this will cause the data /var to be lost on reboot, including log data.

[Sheldon]

Thank you for your reply.

Enabling this RAM disk option prevents the logs from being written to the local hard disk, with logs still being written. But i am wondering what the other option ("Disable writing log files to the local disk") does, or what it is supposed to do? I expected it to disable writing local logs completely, and it looks like this option doesn't change anything.

[KeyHand]

The 'Local Logging - Disable writing log files to the local disk' option corresponds to the `disablelocallogging` configuration paramter in the back end.  If the option is checked, the logic appears to skip over creating several syslog directives which would result in logs being written to disk; effectively not logging anything.  However, if I'm reading it right, this only appears to occur if 'Disable circular logs' is  unchecked.  I.e. `clog` logs.

So unless 'Disable circular logs' is unchecked, logs will always be written to disk regardless of the 'Local Logging' setting.  This is unlikely to be intentional behaviour.  If your goal is it minimise writes to disk, the current best option is use of '/var RAM disk' (as already suggeted) and a small number for 'Preserve logs (Days)'.

[Sheldon]

Thank you for your research!

I confirm that this combination actually changed the logging behaviour. Now that i have "Disable circular logs" unchecked and "Local Logging - Disable writing log files to the local disk" checked, i don't see any new logging entries.

I also think this behaviour is not intended, because otherwise i would expect this correlation being mentioned in the documentation of "Local Logging".

My questions are answered and i know what to do. Thanks again :-)

[Ricardo]

The 'Local Logging - Disable writing log files to the local disk' option corresponds to the `disablelocallogging` configuration paramter in the back end.  If the option is checked, the logic appears to skip over creating several syslog directives which would result in logs being written to disk; effectively not logging anything.  However, if I'm reading it right, this only appears to occur if 'Disable circular logs' is  unchecked.  I.e. `clog` logs.

So unless 'Disable circular logs' is unchecked, logs will always be written to disk regardless of the 'Local Logging' setting.  This is unlikely to be intentional behaviour.  If your goal is it minimise writes to disk, the current best option is use of '/var RAM disk' (as already suggeted) and a small number for 'Preserve logs (Days)'.

Just among us.. If you made a poll, and asked 100 random opnsense admin, how many would know this is how this logging thing works in opnsense 21.1? As the docs in this topic  are unhelpful, even worse completely misleading the reader, as usual very frequently.

[chemlud]

Bug report?

[franco]

Bug fix! https://github.com/opnsense/core/commit/6f7744993


Cheers,
Franco

[KeyHand]

Thank you for your research!

You're most welcome

Just among us.. If you made a poll, and asked 100 random opnsense admin, how many would know this is how this logging thing works in opnsense 21.1? As the docs in this topic  are unhelpful, even worse completely misleading the reader, as usual very frequently.

As with any software project, there are shortcomings in both technical features and the documentation.  If OPNsense was a commercial application that mandated a license fee for its use, and the money raised from said license fee went toward a team of software developers, technical writers, quality assurance testers and support staff, I would absolutely agree.

But it's not.

It's both free (monetarily) to use by anyone and free (libre) to inspect the inner workings of.  The latter I greatly value far more than the former.  When I'm unsure as to why a system component isn't behaving the way I expect it to, I can directly consult the code; something that would be impossible with a closed source project.  Sometimes these investigations provide additional context for system components that may have been overlooked.  I feel it's the very least I can do to contribute to the community.

Bug report?

Absolutely! Bring it to someone's attention.  Without getting eyes on the problem, it's never going to get fixed.

Bug fix! https://github.com/opnsense/core/commit/6f7744993

See, the system works!  :D