Re: Certbot excessive logging
On 02/12/2017 10:35 PM, Saint Germain wrote:
> But perhaps indeed I should log everything and filter it only for
> monitoring purpose.
Well, if you lower the log level to 'debug' then you'll log way too
much, so you'll have to strike a balance.
> In my limited experience however, when there was a problem, I often
> managed to quickly isolate it and to activate the relevant debug
> logging and reproduce the bug/problem.
> With your example for instance (cron syslog message), could you provide
> some rational to let it log such messages for years after being set up ?
Well, you don't have to keep your logs for years. ;-)
The point is: if you have a problem that's easily reproducible,
then of course it works to temporarily increase the log level. But
if something goes really wrong _once_, the less messages you have
available after the fact the more difficult it is to figure out
the problem retroactively (and figure out if that's something
you'll need to worry about in the future).
Of course, completely enabling debug logging all the time is also
not a solution, as that will produce just too much data (waste of
storage and makes it much harder to sift through it) - so one has
to strike some kind of balance here.
And when you think about stuff that can go wrong: which services
are being started / stopped at a given time is a very useful
information to have in retrospect when trying to figure out a
problem that happened. So these systemd messages are very useful
to keep around in my opinion - even if you don't want to see them
via e.g. logcheck.
> Another reason was that I used to manage a system with the OS on a
> standard hard drive. Most of the type the system was idle and not doing
> anything. However info-level logging (like cron) kept the hard drive to
> go on standby. So I deactivated such logs (I didn't want to create a
> tmpfs drive for /var/log, this is a hot topic which has been previously
> debated to no end).
You could install laptop-mode-tools and increase the time interval
of drive spinups.
You could log info messages only to tmpfs (but higher priority
messages directly to disk) and rotate the more detailed log once
daily to the disk, so that will only spin up your disk every 24h
because of logs.
You could plug in a small USB stick and store the logs there, that
doesn't use that much power and it doesn't produce noise.
All of these have up and downsides, but they are a few suggestions
you could look into.
Hope that gives you a bit of food for thought.