Bug#773752: gdm3: GDM3 pollutes system logs with user session output under systemd

Michael Biebl biebl at debian.org
Fri Apr 24 10:21:31 UTC 2015


On Fri, 24 Apr 2015 10:55:13 +0200 Vincent Danjean <vdanjean at debian.org>
wrote:
> Package: gdm3
> Version: 3.14.1-7
> Followup-For: Bug #773752
> 
>   Hi,
> 
>   I have suffered from this bug since I upgraded several of my machines/servers to
> jessie. It is a pity this bug was not handled before the jessie release. It
> should be fixed ASAP to go into a point release.
>   In addition to the flooding of /var/log, the current behavior also has a
> strong effect on the usability of 'logcheck'. To my knowledge, there is no way
> to filter in logcheck messages from user applications (Gtk, ...)
>   Due to the break of logcheck usability, I'm increasing the severity of this
> bug. Monitoring a machine with logcheck where there are graphical user sessions
> is not doable in jessie anymore. For me, this is a serious regression with
> security implications.
> 
>   If there is an easy workaround (such as modifying a config file but not
> recompiling the package with the suggested option) to avoid user logs in syslog
> or to filter them automatically in logcheck, please tell us and downgrade this
> bug severity.

You can try this work-around, to drop all user-level messages:

$ echo 'user.* stop' > /etc/rsyslog.d/drop-user-messages.conf
$ systemctl restart rsyslog.service


An alternative to dropping the user messages is to log them to a
separate log file which has different log retention policies.

It's unfortunate that the default (r)syslog configuration in Debian
logs those messages to various files.
We already have a

user.* -/var/log/user.log

line in rsyslog.conf, but we also log those messages to other files,
like the catch-all /var/log/syslog and /var/log/messages.
This is mostly historical baggage and should be cleaned up eventually.

I also think it's actually a good thing that we now catch the user log
messages in the journal. Makes it easier to spot problems.
But we should fix the individual applications to not log excessively
(unless a --debug switch is used).


Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
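
The alternative mentioned in the reply above (keeping user-facility messages in their own file instead of dropping them), written out as an rsyslog drop-in. This is an added example, not part of the original message; the drop-in file name is hypothetical, and it assumes the main rsyslog.conf includes /etc/rsyslog.d/*.conf ahead of its own rules.

```conf
# /etc/rsyslog.d/10-user-separate.conf  (hypothetical file name)
#
# Assumption: the main rsyslog.conf includes /etc/rsyslog.d/*.conf before its
# own rules, so these two lines are evaluated before the catch-all rules.

# Write every user-facility message to its own file. The leading "-" means
# the file is not synced after each write, which suits high-volume,
# low-value output.
user.*          -/var/log/user.log

# "&" attaches a further action to the selector above; "stop" ends processing
# of the matched message, so it never reaches the catch-all rules that feed
# /var/log/syslog and /var/log/messages.
& stop

# Unlike a bare "user.* stop", nothing is lost: anything logged with the
# user facility stays on disk in /var/log/user.log for later review.
```

As with the work-around, rsyslog.service has to be restarted for the file to take effect; retention for /var/log/user.log is then whatever its logrotate stanza says.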
