Page MenuHomePhabricator
Create Task
Maniphest T238414

Write ulogd logs to a dedicated logfile
Closed, ResolvedPublic
Actions

Description

Currently ulogd firewall logs go to both /var/log/messages and /var/log/syslog and they can be quite noisy.

It might make sens to have them log to a dedicated file.

Details

SubjectRepoBranchLines +/-
P:base::firewall::log: set separate_file: true in production by defaultoperations/puppetproduction+1 -2
hiera - sretest: test sending ulog to separate fileoperations/puppetproduction+1 -1
base::firewall: add switch to use separate log fileoperations/puppetproduction+31 -18
Customize query in gerrit

Related Objects

Event Timeline

ayounsi triaged this task as Medium priority.Nov 15 2019, 4:27 PM
ayounsi created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 15 2019, 4:27 PM
jbond added a subscriber: User-jbond.Nov 18 2019, 10:39 AM
jbond added a comment.Nov 18 2019, 10:44 AM

This was discussed in T116011 and the code to log to a separate file exists. the Reason for choosing to log to syslog was to simplify shipping logs to kafaka.

Another option could be to tune the logs so they are not so noisy. We could either change the logging frequencies/burst or filter out noise entries like we do for bootp

jbond added a project: observability.Nov 18 2019, 10:45 AM
fgiunchedi subscribed.Nov 25 2019, 10:41 AM

FWIW I'm ok with doing whichever is easiest, IIRC we can ship to kafka first and then add rules to log to a separate file.

Aklapper added a project: User-jbond.Jun 1 2020, 9:58 AM
Aklapper removed a subscriber: User-jbond.
fgiunchedi moved this task from Inbox to Radar on the observability board.Jul 20 2020, 1:12 PM
ayounsi mentioned this in T265590: ulog: filter out diffscan from ulog.Oct 19 2020, 7:50 AM
gerritbot added a comment.Apr 14 2021, 4:20 PM

Change 679388 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] base::firewall: ass switch to use seperate log file

https://gerrit.wikimedia.org/r/679388

gerritbot added a project: Patch-For-Review.Apr 14 2021, 4:20 PM
gerritbot added a comment.Apr 14 2021, 4:45 PM

Change 679392 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] hiera - sretest: test sending ulog to separate file

https://gerrit.wikimedia.org/r/679392

gerritbot added a comment.Apr 15 2021, 10:49 AM

Change 679388 merged by Jbond:

[operations/puppet@production] base::firewall: add switch to use separate log file

https://gerrit.wikimedia.org/r/679388

gerritbot added a comment.Apr 15 2021, 10:49 AM

Change 679392 merged by Jbond:

[operations/puppet@production] hiera - sretest: test sending ulog to separate file

https://gerrit.wikimedia.org/r/679392

gerritbot added a comment.Apr 15 2021, 10:54 AM

Change 679756 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] P:base::firewall::log: set separate_file: true in production by default

https://gerrit.wikimedia.org/r/679756

gerritbot added a comment.Apr 15 2021, 10:55 AM

Change 679756 merged by Jbond:

[operations/puppet@production] P:base::firewall::log: set separate_file: true in production by default

https://gerrit.wikimedia.org/r/679756

jbond closed this task as Resolved.Apr 15 2021, 10:57 AM
jbond claimed this task.

I have updated puppet on production so that ulogd log entries are redirected to /var/log/ulogd/syslog.log please re-open if you still see issues and sorry for the delay :)

Maintenance_bot removed a project: Patch-For-Review.Apr 15 2021, 11:10 AM
fgiunchedi mentioned this in T325806: Help refreshing firewall dashboards.Jan 9 2023, 3:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL