Excessive Logging problem in /var/log

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Excessive Logging problem in /var/log

Destin J Funk
Dear all Ubuntu Users and developers,

I have a problem. More than 4G in this directory
*******@***:~$ sudo du --summarize -h /var/log
4.2G /var/log

Then I deleted most of the logging files with sudo rm /var/log/* and restarted the computer. I rechecked the directory with
*******@***:~$ sudo du --summarize -h /var/log/*
316K /var/log/apt
24K /var/log/asterisk
4.0K /var/log/auth.log
8.0K /var/log/boot.log
0 /var/log/btmp
44K /var/log/cups
4.0K /var/log/dist-upgrade
4.0K /var/log/gdm3
4.0K /var/log/gpu-manager.log
8.0K /var/log/hp
7.9M /var/log/installer
4.2G /var/log/journal
92K /var/log/kern.log
4.0K /var/log/lastlog
4.0K /var/log/openvpn
4.0K /var/log/speech-dispatcher
276K /var/log/syslog
28K /var/log/unattended-upgrades
4.0K /var/log/wtmp
40K /var/log/Xorg.0.log

in /var/log/journal file, more than 4G of data in it. I run in command line
*******@***:~$ journalctl and I saw a repetitive log from audit. I Press Pg Dn and all the log are the same. This is a snapshot of it

Jul 20 02:11:51 ******** kernel: audit: type=1400 audit(1532038310.949:1616565): apparmor="DENIED" operation="open" profile="snap.gnome-system-monitor.gnome-system-monitor" name="/proc/1/cgroup" pid=6664 comm="gnome-system-mo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jul 20 02:11:49 ******** audit[6664]: AVC apparmor="DENIED" operation="open" profile="snap.gnome-system-monitor.gnome-system-monitor" name="/proc/503/cgroup" pid=6664 comm="gnome-system-mo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jul 20 02:11:55 ******** kernel: kauditd_printk_skb: 7693 callbacks suppressed

I am running a desktop version Ubuntu 18.04 with latest update. I did not change any configuration for audit and the apparmour.
Can someone help me solve with this problem.

--------------------------------------------



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Excessive Logging problem in /var/log

Chris Green
On Fri, Oct 05, 2018 at 03:27:40PM +0400, Destin J Funk wrote:
> Dear all Ubuntu Users and developers,
>
> I have a problem. More than 4G in this directory
> *******@***:~$ sudo du --summarize -h /var/log
> 4.2G /var/log
>
It's the systemd journal, the default set-up means that it only starts
throwing away old logs when it reaches 4Gb (there are other limits but
they only really affect it if it's on a small filesystem).

I think that 4Gb is ridiculously large.  Reducing the 4Gb limit can be
done but you need to read the systemd documentation first really.

--
Chris Green

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users