Robert Watson wrote:

On Fri, 25 May 2007, Andre Oppermann wrote:

Kernel-sourced log messages result in an fsync() of log files the message is written to, as syslogd feels that kernel messages are very important and should go to disk as quickly and reliably as possible. As a result, it's very desirable to rate limit (ideally no more than 1pps) packet-generated log messages. I've been thinking of adding a spp function to match ppsprint for things like kernel warnings about the audit trail storage partition filling up, as one message a second is still a lot.

kern.debug should not be automatically written and fsync()ed to disk. All these TCP messages are sourced as kern.debug (except for the log_in_vain variety with kern.info but that's something the user has to explicitly enable).

I don't know the actual historical reason, but I've always assumed that the fsync'ing of kernel log data is a result of kernel output being used for system debugging, which tends to occur when the system is behaving in an unstable way. Syncing the messages to disk means that the chances of the message not being there later due to being lost somewhere in the cache are greatly reduced -- i.e., on a system crash, you want debugging data until the last possible moment. I think this is useful behavior, although it does make klog a less useful logging mechanism for high volume debug data -- for that we generally prefer KTR + ALQ.

The syslog log level LOG_DEBUG is the lowest possible level and
according to the descriptions meant to be used for informal messages
during program debugging.  Everything below LOG_NOTICE should not
need fsync after each line.  An examination of all users of LOG_DEBUG
in our kernel doesn't show anything critical that would require fsync.
The attached patch fixes syslog.conf in this regard.

My recommendation would simply be to stick this under pps and limit to 5 warnings/sec or the like and stick with things basically as they are otherwise. I would also suggest that these printfs be disabled in production systems, and solely used in the development branch (which is true now, but should remain true later).

OK, we can do that before 7.0R.

--
Andre

$ cvs diff -up syslog.conf
Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.28
diff -u -p -r1.28 syslog.conf
--- syslog.conf 12 Mar 2005 12:31:16 -0000      1.28
+++ syslog.conf 25 May 2007 21:20:54 -0000
@@ -6,14 +6,15 @@
 #      may want to use only tabs as field separators here.
 #      Consult the syslog.conf(5) manpage.
 *.err;kern.warning;auth.notice;mail.crit               /dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+*.notice;authpriv.none;lpr.info;mail.crit;news.err     /var/log/messages
 security.*                                     /var/log/security
 auth.info;authpriv.info                                /var/log/auth.log
 mail.info                                      /var/log/maillog
 lpr.info                                       /var/log/lpd-errs
 ftp.info                                       /var/log/xferlog
 cron.*                                         /var/log/cron
-*.=debug                                       /var/log/debug.log
+# do not call fsync() after each line for debug messages
+*.=debug                                       -/var/log/debug.log
 *.emerg                                                *
 # uncomment this to log all writes to /dev/console to /var/log/console.log
 #console.info                                  /var/log/console.log
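
Review bot: Dropping kern.debug from the /var/log/messages selector also stops kernel messages at info level from reaching that file, and no other selector visible in this hunk picks them up: *.notice covers notice and above, and *.=debug matches debug only. If the intent is only to avoid fsync() for debug output, consider keeping kern.info on the /var/log/messages line (the mail above notes that the log_in_vain messages are kern.info), and extend the new comment to mention the routing change, since it currently describes only the "-" prefix on /var/log/debug.log.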
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all