Currently ulogd firewall logs go to both /var/log/messages and /var/log/syslog and they can be quite noisy.
It might make sens to have them log to a dedicated file.
Currently ulogd firewall logs go to both /var/log/messages and /var/log/syslog and they can be quite noisy.
It might make sens to have them log to a dedicated file.
This was discussed in T116011 and the code to log to a separate file exists. the Reason for choosing to log to syslog was to simplify shipping logs to kafaka.
Another option could be to tune the logs so they are not so noisy. We could either change the logging frequencies/burst or filter out noise entries like we do for bootp
FWIW I'm ok with doing whichever is easiest, IIRC we can ship to kafka first and then add rules to log to a separate file.
Change 679388 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] base::firewall: ass switch to use seperate log file
Change 679392 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] hiera - sretest: test sending ulog to separate file
Change 679388 merged by Jbond:
[operations/puppet@production] base::firewall: add switch to use separate log file
Change 679392 merged by Jbond:
[operations/puppet@production] hiera - sretest: test sending ulog to separate file
Change 679756 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] P:base::firewall::log: set separate_file: true in production by default
Change 679756 merged by Jbond:
[operations/puppet@production] P:base::firewall::log: set separate_file: true in production by default
I have updated puppet on production so that ulogd log entries are redirected to /var/log/ulogd/syslog.log please re-open if you still see issues and sorry for the delay :)