Re: [systemd-devel] Suppressing spam error messages in the system journal
I agree that i should have had much lower log level. This is now fixed properly upstream via https://github.com/systemd/systemd/pull/18638/files I will try to backport that to stable series or at least drop the log level to debug. On Mon, 19 Oct 2020 at 15:05, Michael Biebl wrote: > > Am Mo., 19. Okt. 2020 um 15:56 Uhr schrieb Lennart Poettering > : > > > > > 2) Could resolved be changed so that this message is only emitted > > > (say) once for every 100 or 500 times that the condition is > > > detected. > > > > We actually try hard to suppress unnecessary log lines, but I think > > this one is a downstream change. > > > > > https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch?h=ubuntu/focal-updates > > Bringing Dimitri into the loop here. > > Michael -- Regards, Dimitri. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
Am 22.10.20 um 21:45 schrieb fox: While it may be true that "frontends" might provide some filtering (rsyslog, plenty of options, journalctl much less) in COCKPIT that filtering is easy, effective and intuitive to perform well, us greybeards don't need handholding for configure machines as we don't need to be told what we have to log or not and how we dispaly it :-) ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
While it may be true that "frontends" might provide some filtering (rsyslog, plenty of options, journalctl much less) in COCKPIT that filtering is easy, effective and intuitive to perform. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
On 10/22/20 9:55 AM, Dave Howorth wrote: On Thu, 22 Oct 2020 15:27:58 +0200 Reindl Harald wrote: Am 22.10.20 um 12:59 schrieb Lennart Poettering: On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote: 1) Is there any way in journald.conf to perform a message suppression similar to the one I used for syslog? If not should there be one? No. Does that mean no there isn't and also that there should not be, or are you open to considering allowing a suppression mechanism similar to that available in rsyslogd? Not a fan of such hacks. Fix the programs or filter during display, don't suppress at time of collection. it's not a matter of fan or not it just makes sense to filter out things one *never* want to see at all instead store it I think Lennart's point is that whatever happened to cause something in the system to make a log entry happened, and that should be recorded. Even though you may never want to see such evidence somebody, somewhere might want it as part of an investigation, so it's better that it's captured and preserved. The space will eventually be reclaimed so there's no harm done. And as he suggests, if you never want to see it, then filter it out on display. There still could be some worthwhile cases though. While it may be true that "frontends" might provide some filtering (rsyslog, plenty of options, journalctl much less), allowing filtering at the source to prevent huge log gathering thus avoiding having massive retention and/or storage requirements for data that ends up being very temporal, could be of benefit. (I know, disk and memory are cheap... but should that be our answer?) So, I could see this being useful to some. For me, I always do the rsyslog forwarding thing to keep my sanity (by filtering the noise level). And that works for me. Let journald just churn and roll. For me, this is "the workaround" for the issue. Our developers insist on inserting ANSI escape sequences in their logs... maybe some won't see the correlation. When there's too much "noise", especially when you don't know precisely what you are looking for, a very noisy log of "useless" data (noting, that it's conceivable that "something" gathered is "universally" useless for an organization) can be very difficult to parse through. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
Am 22.10.20 um 16:55 schrieb Dave Howorth: On Thu, 22 Oct 2020 15:27:58 +0200 Reindl Harald wrote: Am 22.10.20 um 12:59 schrieb Lennart Poettering: On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote: 1) Is there any way in journald.conf to perform a message suppression similar to the one I used for syslog? If not should there be one? No. Does that mean no there isn't and also that there should not be, or are you open to considering allowing a suppression mechanism similar to that available in rsyslogd? Not a fan of such hacks. Fix the programs or filter during display, don't suppress at time of collection. it's not a matter of fan or not it just makes sense to filter out things one *never* want to see at all instead store it I think Lennart's point is that whatever happened to cause something in the system to make a log entry happened, and that should be recorded. Even though you may never want to see such evidence somebody, somewhere might want it as part of an investigation, so it's better that it's captured and preserved. The space will eventually be reclaimed so there's no harm done. And as he suggests, if you never want to see it, then filter it out on display. different mindshapes which shouldn't even need a long discussion, there are people with different preferences and it's not too hard to implement a filter nobody needs to use it it's not in use as default i personally hate it that i have to apply filters at display time again and again for stuff i don't care about a lot fo software logs informational stuff nobody cares most of the time and all that noise burries rellay relevant stuff - in the best case i don't see anything at all in logs which don't need attention again: if there is a config everyone is happy ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
On Thu, 22 Oct 2020 15:27:58 +0200 Reindl Harald wrote: > Am 22.10.20 um 12:59 schrieb Lennart Poettering: > > On Do, 22.10.20 11:11, David C. Partridge > > (david.partri...@perdrix.co.uk) wrote: > 1) Is there any way in journald.conf to perform a > message > >> suppression > similar to the one I used for syslog? If not should there be > one? > >> > >>> No. > >> > >> Does that mean no there isn't and also that there should not be, > >> or are you open to considering allowing a suppression mechanism > >> similar to that available in rsyslogd? > > > > Not a fan of such hacks. Fix the programs or filter during display, > > don't suppress at time of collection. > > it's not a matter of fan or not > > it just makes sense to filter out things one *never* want to see at > all instead store it I think Lennart's point is that whatever happened to cause something in the system to make a log entry happened, and that should be recorded. Even though you may never want to see such evidence somebody, somewhere might want it as part of an investigation, so it's better that it's captured and preserved. The space will eventually be reclaimed so there's no harm done. And as he suggests, if you never want to see it, then filter it out on display. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
Am 22.10.20 um 12:59 schrieb Lennart Poettering: On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote: 1) Is there any way in journald.conf to perform a message suppression similar to the one I used for syslog? If not should there be one? No. Does that mean no there isn't and also that there should not be, or are you open to considering allowing a suppression mechanism similar to that available in rsyslogd? Not a fan of such hacks. Fix the programs or filter during display, don't suppress at time of collection. it's not a matter of fan or not it just makes sense to filter out things one *never* want to see at all instead store it ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote: > >>1) Is there any way in journald.conf to perform a message > suppression > >> similar to the one I used for syslog? If not should there be one? > > >No. > > Does that mean no there isn't and also that there should not be, or are you > open to considering allowing a suppression mechanism similar to that > available in rsyslogd? Not a fan of such hacks. Fix the programs or filter during display, don#t suppress at time of collection. Lennart -- Lennart Poettering, Berlin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
Dimitri In case you didn't see the earlier messages in this thread, I'm seeing thousands of the DVE-2018-0001 messages, to the extent that they outnumber the other messages in the log! Please could I ask you to review this with the intent of either disabling this message completely, or only issuing it once every few hundred detections? Or if the problem is a client side problem is it possible to ID what it is and get debian-transmission to fix their code? Thanks David -Original Message- From: Michael Biebl [mailto:mbi...@gmail.com] Sent: 19 October 2020 15:05 To: Lennart Poettering; Dimitri John Ledkov Cc: David C. Partridge; systemd Mailing List Subject: Re: [systemd-devel] Suppressing spam error messages in the system journal Am Mo., 19. Okt. 2020 um 15:56 Uhr schrieb Lennart Poettering : > > > 2) Could resolved be changed so that this message is only emitted > > (say) once for every 100 or 500 times that the condition is > > detected. > > We actually try hard to suppress unnecessary log lines, but I think > this one is a downstream change. > https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch?h=ubuntu/focal-updates Bringing Dimitri into the loop here. Michael ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
>> 1) Is there any way in journald.conf to perform a message suppression >> similar to the one I used for syslog? If not should there be one? >No. Does that mean no there isn't and also that there should not be, or are you open to considering allowing a suppression mechanism similar to that available in rsyslogd? David -Original Message- From: Lennart Poettering [mailto:lenn...@poettering.net] Sent: 19 October 2020 14:57 To: David C. Partridge Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] Suppressing spam error messages in the system journal On Mo, 19.10.20 11:36, David C. Partridge (david.partri...@perdrix.co.uk) wrote: > Hi all, > > system-resolved is spamming the system logs with thousands of messages: > > Server returned error NXDOMAIN, mitigating potential DNS violation > DVE-2018-0001, retrying transaction with reduced feature level UDP. We have no such log line upstream. This much be a downstream change (Ubuntu?). > So I thought I'd come to the systemd list to see what can be done. > > The system in question is a fresh installation of LUbuntu 20.04.1 and the > offending errors started appearing in bulk not long after I had installed > transmission-daemon and moved my existing configuration across. > > I've added the following to etc/rsyslog.d/50-default.conf: > > if ($programname == "systemd-resolved") and ($msg contains > "DVE-2018-0001") then stop > > which means that these messages no longer clog up syslog. > > However this doesn't suppress them in the system journal. > > Three questions spring to mind: > > 1) Is there any way in journald.conf to perform a message > suppression similar to the one I used for syslog? If not should there be > one? No. > 2) Could resolved be changed so that this message is only emitted > (say) once for every 100 or 500 times that the condition is > detected. We actually try hard to suppress unnecessary log lines, but I think this one is a downstream change. Lennart -- Lennart Poettering, Berlin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
Am Mo., 19. Okt. 2020 um 15:56 Uhr schrieb Lennart Poettering : > > > 2) Could resolved be changed so that this message is only emitted > > (say) once for every 100 or 500 times that the condition is > > detected. > > We actually try hard to suppress unnecessary log lines, but I think > this one is a downstream change. > https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch?h=ubuntu/focal-updates Bringing Dimitri into the loop here. Michael ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Suppressing spam error messages in the system journal
On Mo, 19.10.20 11:36, David C. Partridge (david.partri...@perdrix.co.uk) wrote: > Hi all, > > system-resolved is spamming the system logs with thousands of messages: > > Server returned error NXDOMAIN, mitigating potential DNS violation > DVE-2018-0001, retrying transaction with reduced feature level UDP. We have no such log line upstream. This much be a downstream change (Ubuntu?). > So I thought I'd come to the systemd list to see what can be done. > > The system in question is a fresh installation of LUbuntu 20.04.1 and the > offending errors started appearing in bulk not long after I had installed > transmission-daemon and moved my existing configuration across. > > I've added the following to etc/rsyslog.d/50-default.conf: > > if ($programname == "systemd-resolved") and ($msg contains > "DVE-2018-0001") then stop > > which means that these messages no longer clog up syslog. > > However this doesn't suppress them in the system journal. > > Three questions spring to mind: > > 1) Is there any way in journald.conf to perform a message > suppression similar to the one I used for syslog? If not should there be > one? No. > 2) Could resolved be changed so that this message is only emitted > (say) once for every 100 or 500 times that the condition is > detected. We actually try hard to suppress unnecessary log lines, but I think this one is a downstream change. Lennart -- Lennart Poettering, Berlin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel