Bug#837893: systemd: Logging from gnome session is passed on to all syslog facilities
Control: tags -1 + patch On Thu, 15 Sep 2016 11:15:29 +0200 Matijs van Zuijlen wrote: > Package: systemd > Version: 231-6 > Severity: normal > > Since recently, log messages from programs running under the gnome > session have started appearing in all logs in /var/logs, including > /var/logs/kern.log, even though my rsyslog configuration has not > changed, and correctly only routes kern.* there. > > This is very annoying since it fills the logs with messages that don't > belong there, and makes running logcheck tedious. > > It seems this is a recent regression, since before I was able to route > these messages to a low-priority log using the following rsyslog > configuration: > > user.=info;user.=notice;\ > user.=warn -/var/log/user-low.log > > If I look at the messages directly with journalctl -o verbose, it seems > they do not set the syslog facility, which should make them end up with > user facility, but doesn't. > Patch posted upstream at https://github.com/systemd/systemd/pull/5667 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#837893: systemd: Logging from gnome session is passed on to all syslog facilities
I think these messages are being (erroneously) passed specifically to
the KERN facility, not all facilities as the summary states.
For one thing, the superfluous messages don't appear in the user.log
file, as they do in kern.log, despite the fact that rsyslogd is
configured to route all facility=USER messages there, as per the
Debian default:
root@stretch:/var/log# fgrep -c 'Mar 25 21:07:16 stretch NetworkManager[423]:
[1490497636.9242] manager: startup complete' kern.log syslog user.log
kern.log:1
syslog:1
user.log:0
root@stretch:/var/log# egrep '(user|kern).log' /etc/rsyslog.conf
kern.* -/var/log/kern.log
user.* -/var/log/user.log
root@stretch:/var/log#
For another, after configuring rsyslogd with a custom template that
includes the facility (and priority) with each message, the offending
messages consistently have facility=KERN in every file in which they
do appear:
root@stretch:/var/log# fgrep template /etc/rsyslog.conf
$template MyFormat,"%pri-text%: %timegenerated% %HOSTNAME%
%syslogtag%%msg:::drop-last-lf%\n"
root@stretch:/var/log# fgrep -R 'Mar 25 21:35:19 stretch NetworkManager[423]:
[1490499319.1248] device (ens3): Activation: successful, device
activated.'
messages:kern.info: Mar 25 21:35:19 stretch NetworkManager[423]:
[1490499319.1248] device (ens3): Activation: successful, device activated.
kern.log:kern.info: Mar 25 21:35:19 stretch NetworkManager[423]:
[1490499319.1248] device (ens3): Activation: successful, device activated.
syslog:kern.info: Mar 25 21:35:19 stretch NetworkManager[423]:
[1490499319.1248] device (ens3): Activation: successful, device activated.
root@stretch:/var/log#
I'll go on the record with a prediction that this will turn out to be
directly related to the fact that the numeric value representing the
KERN facility is zero:
root@stretch:/var/log# fgrep KERN /usr/include/*/sys/syslog.h
#define LOG_KERN(0<<3) /* kernel messages */
{ "kern", LOG_KERN },
root@stretch:/var/log#
Anyway, this problem also exists on jessie, with systemd 215.
NetworkManager doesn't exhibit the problem there, making it less
noticeable, but gnome-session and pulseaudio can be seen in the
kern.log file.
One acceptable workaround seems to be to just disable the broken
functionality altogether, with ForwardToSyslog=no in
/etc/systemd/journald.conf, and just use journalctl(1) to view those
messages. Note, however, that the journal is only stored under /run by
default and so will be lost on shutdown; to avoid that, you simply
have to create the default directory /var/log/journal, and it will be
persisted there.
-nd.
Bug#837893: systemd: Logging from gnome session is passed on to all syslog facilities
On 19/12/16 00:24, Michael Biebl wrote: > I don't think this is a systemd bug per se, it just means that more > GNOME/desktop components now directly log to the journal [¹]. I don't think so, since the change was quite abrupt, but that could also be due to the transition to GNOME 3.22. > In this case the syslog facility is not set, as you already noticed. > Maybe glib should be updated to set the syslog facility to user, not sure. It seems the intention of journald is to set the facility to user if none is set: https://github.com/systemd/systemd/blob/master/src/journal/journald-syslog.c#L190 This is what to me seems to be broken at the moment. > [¹] > https://developer.gnome.org/glib/stable/glib-Message-Logging.html#g-log-structured > -- Matijs signature.asc Description: OpenPGP digital signature
Bug#837893: systemd: Logging from gnome session is passed on to all syslog facilities
On Thu, 15 Sep 2016 11:15:29 +0200 Matijs van Zuijlen wrote: > Package: systemd > Version: 231-6 > Severity: normal > > Since recently, log messages from programs running under the gnome > session have started appearing in all logs in /var/logs, including > /var/logs/kern.log, even though my rsyslog configuration has not > changed, and correctly only routes kern.* there. > > This is very annoying since it fills the logs with messages that don't > belong there, and makes running logcheck tedious. > > It seems this is a recent regression, since before I was able to route > these messages to a low-priority log using the following rsyslog > configuration: > > user.=info;user.=notice;\ > user.=warn -/var/log/user-low.log > > If I look at the messages directly with journalctl -o verbose, it seems > they do not set the syslog facility, which should make them end up with > user facility, but doesn't. I don't think this is a systemd bug per se, it just means that more GNOME/desktop components now directly log to the journal [¹]. In this case the syslog facility is not set, as you already noticed. Maybe glib should be updated to set the syslog facility to user, not sure. [¹] https://developer.gnome.org/glib/stable/glib-Message-Logging.html#g-log-structured -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#837893: systemd: Logging from gnome session is passed on to all syslog facilities
Package: systemd Version: 231-6 Severity: normal Since recently, log messages from programs running under the gnome session have started appearing in all logs in /var/logs, including /var/logs/kern.log, even though my rsyslog configuration has not changed, and correctly only routes kern.* there. This is very annoying since it fills the logs with messages that don't belong there, and makes running logcheck tedious. It seems this is a recent regression, since before I was able to route these messages to a low-priority log using the following rsyslog configuration: user.=info;user.=notice;\ user.=warn -/var/log/user-low.log If I look at the messages directly with journalctl -o verbose, it seems they do not set the syslog facility, which should make them end up with user facility, but doesn't. -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii adduser 3.115 ii libacl1 2.2.52-3 ii libapparmor12.10.95-4 ii libaudit1 1:2.6.6-1 ii libblkid1 2.28.2-1 ii libc6 2.24-2 ii libcap2 1:2.25-1 ii libcap2-bin 1:2.25-1 ii libcryptsetup4 2:1.7.0-2 ii libgcrypt20 1.7.3-1 ii libgpg-error0 1.24-1 ii libidn111.33-1 ii libip4tc0 1.6.0-3 ii libkmod222-1.1 ii liblzma55.1.1alpha+20120614-2.1 ii libmount1 2.28.2-1 ii libpam0g1.1.8-3.3 ii libseccomp2 2.3.1-2 ii libselinux1 2.5-3 ii libsystemd0 231-6 ii mount 2.28.2-1 ii util-linux 2.28.2-1 Versions of packages systemd recommends: ii dbus1.10.10-1 ii libpam-systemd 231-6 Versions of packages systemd suggests: ii policykit-10.105-16 pn systemd-container pn systemd-ui Versions of packages systemd is related to: ii udev 231-6 -- no debconf information
