Issue #5940

open

Managing the disk space used by systemd logs

Added by François Poulain almost 2 years ago. Updated 25 days ago.

Status: In progress
Priority: Normal
Category: -
Target version:
Start date: 07/24/2022
Due date:
% Done: 0%
Estimated time:
Difficulty: 2 Easy

Description

During a reboot, seen on mail:

░░ Subject: Espace disque utilisé par le journal
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ Documentation: man:journald.conf(5)
░░ 
░░ System Journal (/var/log/journal/3e08aff87de2df4b85ab7dff31b48af5) utilise actuellement 912.0M.
░░ Le maximum autorisé est défini à 871.9M.
░░ Au moins 435.9M doivent être laissés libres
░░ (sur 3.8G d'espace disque actuellement libre).
░░ La limite appliquée est donc 871.9M, dont 0B
░░ sont toujours disponibles.
░░ 
░░ Les limites définissant la quantité d'espace disque que peut utiliser le
░░ journal peuvent être configurées avec les paramètres SystemMaxUse=,
░░ SystemKeepFree=, SystemMaxFileSize=, RuntimeMaxUse=, RuntimeKeepFree=,
░░ RuntimeMaxFileSize= dans le fichier /etc/systemd/journald.conf.
░░ Voir journald.conf(5) pour plus de détails.

Actions #1

Updated by François Poulain almost 2 years ago

So I am looking for what is spewing logs. I find a dovecot in debug mode.
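One way to find the noisy source, as an added example that is not part of the original ticket: rank journal sources by message volume from `journalctl -o json` output. The sample entries are constructed, and MESSAGE bytes are only an approximation of on-disk size.

```python
import json
import sys

# Constructed sample in `journalctl -o json` layout (one JSON object per line).
SAMPLE = """\
{"_SYSTEMD_UNIT":"dovecot.service","PRIORITY":"7","MESSAGE":"auth: Debug: client in: AUTH 1 PLAIN service=imap"}
{"_SYSTEMD_UNIT":"dovecot.service","PRIORITY":"7","MESSAGE":"auth: Debug: passwd-file(user): lookup"}
{"_SYSTEMD_UNIT":"dovecot.service","PRIORITY":"7","MESSAGE":"auth: Debug: client passdb out: OK 1 user=user"}
{"_SYSTEMD_UNIT":"postfix@-.service","PRIORITY":"6","MESSAGE":"connect from unknown[192.0.2.10]"}
{"SYSLOG_IDENTIFIER":"sshd","PRIORITY":"6","MESSAGE":[83,101,115,115,105,111,110]}
{"_SYSTEMD_UNIT":"cron.service","PRIORITY":"6","MESSAGE":null}
"""


def message_size(value):
    """Byte size of a field as exported by journalctl in JSON."""
    if isinstance(value, str):
        return len(value.encode("utf-8"))
    if isinstance(value, list):
        # Non-UTF-8 data is exported as a list of byte values,
        # repeated fields as a list of strings.
        return sum(1 if isinstance(v, int) else message_size(v) for v in value)
    return 0  # null: journalctl omitted an oversized field


def rank_sources(lines):
    """Return (source, entries, message_bytes, debug_entries), largest first."""
    stats = {}
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(entry, dict):
            continue
        source = (entry.get("_SYSTEMD_UNIT")
                  or entry.get("SYSLOG_IDENTIFIER") or "(unknown)")
        row = stats.setdefault(str(source), [0, 0, 0])
        row[0] += 1
        row[1] += message_size(entry.get("MESSAGE"))
        row[2] += entry.get("PRIORITY") == "7"  # syslog priority 7 = debug
    return sorted(((s, *r) for s, r in stats.items()),
                  key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    # Pipe `journalctl -o json --since "-1h"` in, or run bare for the sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for source, entries, size, debug in rank_sources(lines):
        print(f"{size:>10} B {entries:>7} entries {debug:>7} debug  {source}")
```
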

Actions #2

Updated by François Poulain almost 2 years ago

We also see a lot of connection failed after auth in the postfix logs. A fail2ban (or a fail2ban tuning) would be useful.
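The kind of check such a fail2ban rule performs, as an added example that is not part of the original ticket: flag client IPs that reach a number of failed AUTH events within a time window. It assumes the entries meant are Postfix's `lost connection after AUTH` and `SASL ... authentication failed` lines; the sample lines are constructed, and `maxretry` and `findtime` are named after the fail2ban options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in `journalctl -o short-iso` layout (documentation IPs).
SAMPLE = """\
2022-07-24T10:00:01+0200 mail postfix/smtpd[1201]: lost connection after AUTH from unknown[203.0.113.5]
2022-07-24T10:00:40+0200 mail postfix/smtpd[1202]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: (reason)
2022-07-24T10:02:10+0200 mail postfix/smtpd[1203]: lost connection after AUTH from unknown[203.0.113.5]
2022-07-24T10:03:00+0200 mail postfix/smtpd[1204]: lost connection after AUTH from host.example[198.51.100.7]
2022-07-24T11:30:00+0200 mail postfix/smtpd[1205]: lost connection after AUTH from host.example[198.51.100.7]
2022-07-24T11:31:00+0200 mail postfix/smtpd[1206]: connect from unknown[192.0.2.9]
"""

# Timestamp, host, postfix process, then one of the two failure messages.
LINE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/[\w/]+\[\d+\]: "
    r"(?:lost connection after AUTH from \S*?\[(?P<ip1>[0-9a-fA-F.:]+)\]"
    r"|warning: \S*?\[(?P<ip2>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed)"
)


def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return sorted IPs with at least maxretry failures inside findtime."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an AUTH failure line
        ip = m.group("ip1") or m.group("ip2")
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S%z")
        window = recent[ip]
        window.append(ts)
        # Drop events older than findtime relative to the current one.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            flagged.add(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip in offenders(SAMPLE.splitlines()):
        print(ip)
```
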

Actions #3

Updated by François Poulain almost 2 years ago

  • Status changed from New to In progress
  • Assignee set to François Poulain
  • Target version changed from Backlog to Summer 2022
Actions #4

Updated by François Poulain almost 2 years ago

For the initial problem, I asked journalctl to trim things down:

(April) root@mail:/var/log# journalctl --disk-usage
Archived and active journals take up 912.0M in the file system.

(April) root@mail:/var/log# journalctl --vacuum-size=500M
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (96.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (96.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (8.0M).
Deleted archived journal (104.0M).
Vacuuming done, freed 432.0M of archived journals from /var/log/journal/3e08aff87de2df4b85ab7dff31b48af5.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

(April) root@mail:/var/log# systemctl start systemd-journal-flush.service

-> Ok.

Actions #5

Updated by Quentin Gibeaux almost 2 years ago

  • Target version changed from Summer 2022 to September 2022
Actions #6

Updated by Quentin Gibeaux almost 2 years ago

  • Target version changed from September 2022 to October 2022
Actions #7

Updated by Quentin Gibeaux over 1 year ago

  • Target version changed from October 2022 to November 2022
Actions #8

Updated by Quentin Gibeaux over 1 year ago

  • Target version changed from November 2022 to December 2022
Actions #9

Updated by Quentin Gibeaux over 1 year ago

  • Target version changed from December 2022 to January 2023
Actions #10

Updated by Quentin Gibeaux over 1 year ago

  • Target version changed from January 2023 to February 2023
Actions #11

Updated by Frédéric Couchet over 1 year ago

  • Target version changed from February 2023 to March 2023
Actions #12

Updated by Quentin Gibeaux over 1 year ago

  • Target version changed from March 2023 to April 2023
Actions #13

Updated by Quentin Gibeaux about 1 year ago

  • Target version changed from April 2023 to May 2023
Actions #14

Updated by Quentin Gibeaux about 1 year ago

  • Target version changed from May 2023 to June 2023
Actions #15

Updated by Quentin Gibeaux about 1 year ago

  • Target version changed from June 2023 to Summer 2023
Actions #16

Updated by Quentin Gibeaux 11 months ago

  • Target version changed from Summer 2023 to September 2023
Actions #17

Updated by Quentin Gibeaux 10 months ago

  • Target version changed from September 2023 to October 2023
Actions #18

Updated by Quentin Gibeaux 9 months ago

  • Target version changed from October 2023 to November 2023
Actions #19

Updated by Quentin Gibeaux 8 months ago

  • Target version changed from November 2023 to December 2023
Actions #20

Updated by Quentin Gibeaux 7 months ago

  • Target version changed from December 2023 to January 2024
Actions #21

Updated by Quentin Gibeaux 6 months ago

  • Target version changed from January 2024 to February 2024
Actions #22

Updated by Quentin Gibeaux 5 months ago

  • Target version changed from February 2024 to March 2024
Actions #23

Updated by François Poulain 4 months ago

I had opened this ticket for information purposes, but I don't know whether it is useful to take further action. We could possibly adjust SystemMaxFileSize in journald.conf.d/ on the various servers.

Overall, this is where we stand:

$ ./admin/scripts/do.sh du -sh /var/log/journal/
===== bastion =====
1,4G /var/log/journal/
Shared connection to vip.april.org closed.
===== admin =====
3,3G /var/log/journal/
Shared connection to admin.cluster.april.org closed.
===== dns =====
363M /var/log/journal/
Shared connection to dns.cluster.april.org closed.
===== mail =====
921M /var/log/journal/
Shared connection to mail.cluster.april.org closed.
===== sympa =====
817M /var/log/journal/
Shared connection to sympa.cluster.april.org closed.
===== adl =====
362M /var/log/journal/
Shared connection to adl.cluster.april.org closed.
===== lamp =====
609M /var/log/journal/
Shared connection to lamp.cluster.april.org closed.
===== agir =====
897M /var/log/journal/
Shared connection to agir.cluster.april.org closed.
===== bots =====
393M /var/log/journal/
Shared connection to bots.cluster.april.org closed.
===== dtc =====
du: cannot access '/var/log/journal/': No such file or directory
Shared connection to dtc.cluster.april.org closed.
===== drupal6 =====
du: cannot access ‘/var/log/journal/’: No such file or directory
Shared connection to drupal6.cluster.april.org closed.
===== drupal-test =====
1,4G /var/log/journal/
Shared connection to drupal-test.cluster.april.org closed.
===== republique-numerique =====
401M /var/log/journal/
Shared connection to republique-numerique.cluster.april.org closed.
===== mumble =====
349M /var/log/journal/
Shared connection to mumble.cluster.april.org closed.
===== candidatsfr =====
457M /var/log/journal/
Shared connection to candidatsfr.cluster.april.org closed.
===== pad =====
377M /var/log/journal/
Shared connection to pad.cluster.april.org closed.
===== scm =====
457M /var/log/journal/
Shared connection to scm.cluster.april.org closed.
===== pouet =====
429M /var/log/journal/
Shared connection to pouet.cluster.april.org closed.
===== webchat =====
785M /var/log/journal/
Shared connection to webchat.cluster.april.org closed.
===== spip =====
368M /var/log/journal/
Shared connection to spip.cluster.april.org closed.
===== pad-test =====
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
===== virola.april.org =====
585M /var/log/journal/
Shared connection to virola.april.org closed.
===== calamus.april.org =====
417M /var/log/journal/
Shared connection to calamus.april.org closed.
===== galanga.april.org =====
385M /var/log/journal/
Shared connection to galanga.april.org closed.

Any opinion on what should be done?

Actions #24

Updated by Quentin Gibeaux 4 months ago

  • Target version changed from March 2024 to April 2024
Actions #25

Updated by Quentin Gibeaux 3 months ago

  • Target version changed from April 2024 to May 2024
Actions #26

Updated by Quentin Gibeaux about 2 months ago

  • Target version changed from May 2024 to June 2024
Actions #27

Updated by Quentin Gibeaux 25 days ago

  • Target version changed from June 2024 to Summer 2024