On 10/06/15 19:30, Dan White wrote:
On 10/06/15 18:45 +0200, P. Wagner wrote:
On 10/06/15 15:30, Dan White wrote:
The shotgun approach for reducing the impact on your syslog is to >
modify your syslog daemon configuration to disregard auth.debug >
(auth.*).
Not possible, because the systemd journal itself stores everything it
gets sent, and _additionally_ (with CentOS default config) sends
copies of all messages to an rsyslog daemon which is in fact
configured to ignore auth.log messages by default, so none of the
messages end up in a "plain text log file", but instead are piling up
in the binary systemd journal file only. But I don't want this
irrelevant noise in my journal if I didn't ask for it.
Is this not configurable within systemd?
Not that I'm aware of, it's one of the selling points of the systemd
journal that it includes all possible messages, even those logged during
early stages of the boot process, and you can of course filter the
journal output to not the debug messages, but this still consumes system
resources for no reason at all and isn't really the point anyway - I've
expressly told cyrus-sasl that I don't want anything logged, yet I do
get logs, and really verbose ones at that.
You didn't comment on Viktor's findings/patch - is there a valid
reason why the connection handle parameter of log() is set to NULL
and prevents postfix from handling the messages? The messages are
logged with facility "auth", not "mail", so it's not a message passed
to postfix and then sent to syslog by postfix, but it's logged by the
cyrus-sasl module itself straight to syslog, despite log_level set to 0
Or, put another way, are you unable to confirm this behavior on a
systemd distro, or on an arbitrary non-systemd distro whose syslog
daemon has been configured to log auth.debug messages somewhere? If I
reconfigure rsyslog on my old Ubuntu 12.04 servers to log auth.debug,
I can see the auxprop sql messages there as well, despite log_level
set to 0. If I understand correctly, I shouldn't, or what else do I
need to set to make it stop?
I suggest opening a bug report, or attaching your findings to any
existing
bug reports, and include any links you have regarding systemd behavior in
suppressing auth.debug. And of course, include links to any patches that
you feel address this problem.
I didn't find a matching bug report in Cyrus Bugzilla, so will create a
new one. Thanks.
--
Patrick Wagner