
This solution may only be feasible if you have upgraded your memory to 2Gig, which I highly recommend since it's so cheap.

After recompiling the kernel and adding iptables support, I wanted to be able to monitor any packets that were being dropped by my firewall. To do this, I needed syslog. Much has been written about limiting the number of writes to the SSD to prolong its life, and one of the recommended solutions is to not do any logging. The default Eee installation has a standard syslogd, but it is not enabled. This can make troubleshooting really difficult if you are accustomed to looking at logs for error messages, as I am. I decided to use a tmpfs for logging. The default system sets up a tmpfs file system at /dev/shm. I chose to upgrade the syslog to syslog-ng for added flexibility.

All commands are entered from a terminal as root:

apt-get install syslog-ng

This will also remove the default syslogd and klogd.

I then created a new directory in /dev/shm

mkdir /dev/shm/logs

and mounted it with unionfs

mount -t unionfs -o dirs=/dev/shm/logs=rw:/var/log/=ro unionfs /var/log

This creates a writeable area “on top” of the already existing /var/log, much the same way the original unionfs is set up on the Eee. Whenever you reboot, all the changes go away, though, because they are being written to RAM instead of the SSD.

Now this is the point where I had problems. For some reason, syslog-ng would use ALL of the CPU time with the default configuration. I rewrote the config to just log everything to one file. So if you are following along, just replace your /etc/syslog-ng/syslog-ng.conf with the following:

options {
      chain_hostnames(0);
      time_reopen(10);
      time_reap(360);
      log_fifo_size(2048);
      create_dirs(yes);
      group(adm);
      perm(0640);
      dir_perm(0755);
      use_dns(no);
      stats_freq(0);
};
source s_all {
      internal();
      unix-stream("/dev/log");
      file("/proc/kmsg" log_prefix("kernel: "));
};
destination df_messages { file("/var/log/messages"); };
filter f_messages {
      level(info,notice,warn,err,crit,alert,emerg);
};
log {
      source(s_all);
      filter(f_messages);
      destination(df_messages);
};

Now start syslog-ng:

/usr/sbin/invoke-rc.d syslog-ng start

Of course, as soon as you reboot, all of this goes away. If you want this setup every time you reboot:

Edit /usr/sbin/services.sh and, after the line that begins with “PATH” (in mine, that's the second line), add the following:

mkdir /dev/shm/logs
mount -t unionfs -o dirs=/dev/shm/logs=rw:/var/log/=ro unionfs /var/log

Then edit or create /etc/fastservices and add a single line with “syslog-ng” (no quotes).
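
A guarded form of the two services.sh lines above, as an added example that is not part of the original page: /dev/shm is normally world-writable, so the branch directory is created without following a pre-planted symlink, and the mount is skipped when /var/log already has one. The function names, the optional arguments and the --apply switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded form of the two services.sh lines above.
# Defaults are the page's paths; the arguments exist so the checks can be
# exercised on scratch paths without root.

# Succeeds when mount table $2 already lists a mount on directory $1.
is_mounted() {
    mp=${1%/}    # treat /var/log/ and /var/log as the same mount point
    awk -v t="$mp" '$2 == t { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Create the RAM-backed branch without following a pre-planted name.
prepare_branch() {
    bdir=$1
    # Plain mkdir (no -p) fails on any existing name, symlinks included.
    mkdir -m 0755 "$bdir" 2>/dev/null && return 0
    # The name exists: accept it only as a real directory owned by us.
    [ ! -L "$bdir" ] && [ -d "$bdir" ] && [ -O "$bdir" ] && chmod 0755 "$bdir"
}

setup_log_overlay() {
    branch=${1:-/dev/shm/logs}
    target=${2:-/var/log}
    mounts=${3:-/proc/mounts}
    if is_mounted "$target" "$mounts"; then
        echo "$target already has a mount on it, not stacking another" >&2
        return 0
    fi
    if ! prepare_branch "$branch"; then
        echo "refusing to use $branch as the writable branch" >&2
        return 1
    fi
    mount -t unionfs -o "dirs=$branch=rw:$target/=ro" unionfs "$target"
}

# Only touch the system when asked to, e.g. from services.sh.
if [ "${1:-}" = "--apply" ]; then
    setup_log_overlay
fi
```

Because the writable branch lives in RAM, copy /var/log/messages somewhere persistent before a reboot if the dropped-packet records need to be kept.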

 
syslog.txt · Last modified: 2008/02/09 18:14 by immauss
 