Package: debian-edu-config
Version: 2.12.36
The size of log files on client machines should be limited more
aggressively, on a minimal or workstation install the following log
files have the potential to grow and to potentially enlarge and then
fill up the root partition:
- /var/log/auth.log
- /var/log/boot.log
- /var/log/cron.log
- /var/log/kern.log
- /var/log/mail.log
- /var/log/user.log
- /var/log/syslog
- /var/log/cups/access.log
- /var/log/cups/error.log
- /var/log/exim4/mainlog
- /var/log/munin/munin-node.log
- persistent systemd-journal
The first thing is that everything is logged three times, once in the
persistent journal locally, once in the rsyslog-configured log files,
and once remotely on the main server.
Possible solutions for minimal and workstation profiles:
- limit what is logged locally by either
a) making the journal non-persistent
b) or keeping the journal persistent, limit its size but configure rsyslog
to forward only
the current default journal size limit is between 10% of free disk space
and 4 GB
c) or making the journal non-persistent and configure rsyslog to forward
only
- run logrotate hourly instead of daily
For the portable-workstation profile local logs need to be kept but we
should do so either using the persistent journal or rsyslog log files
but not both.
I am leaning towards option b) since the persistent journal is already the
default and it is simple to apply an absolute limit for everything logged
through syslog. This would be suitable for the portable profile as well.
Suggestions?
--
Guido Berhoerster
