In "/var/log", "kern.log" "messages" "syslog" swamp disk partition

Derek Broughton news at pointerstop.ca
Tue Sep 26 15:17:49 UTC 2006 

Masatran (Deepak), R. wrote:

> * Derek Broughton <news at pointerstop.ca> 2006-09-26
>> 
>> And since it's your ethernet device that's reporting the messages (not
>> very well - if it did it on a single line, the log daemon would simply
>> report "previous message repeated xxxxxxx times" and not fill your
>> disk!), what driver does it use?
> 
> I have no idea what driver it uses. How can I find out?

What _do_ you know about it?  There should be an easy way to do this, but
I'm not having much luck figuring it out.  Do: 
  ls -l /sys/class/net/eth0/device
that should tell you what PCI device it is. In my case:
othello:~# ls -l /sys/class/net/eth0/device
lrwxrwxrwx 1 root root 0 2006-09-26
11:50 /sys/class/net/eth0/device -> ../../../devices/pci0000:00/0000:00:1e.0/0000:03:03.0

Then:
  lspci 

and look for that last portion of the device path (03:03.0, in that case).
> 
> I am using DHCP. It is getting disconnected periodically. It starts
> working after:
> 
>     sudo /etc/init.d/networking restart
> 
> I haven't checked whether the networking problem and the logging problem
> occur simultaneously.

I would bet they do.

As for suppressing the messages, /etc/syslog.conf should currently have
these lines (not all together):
 *.*;auth,authpriv.none          -/var/log/syslog
 kern.*                          -/var/log/kern.log
 .=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

If you changed them to:
 *.*;auth,authpriv.none,kern     -/var/log/syslog
 kern.*,kern.!=info              -/var/log/kern.log
 .=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none,kern      -/var/log/messages

it should stop sending any kernel messages to syslog or messages (you don't
need them in all three files) and stop sending "info" messages to kern.log. 
The latter might be sufficient to stop the messages flooding kern.log (by
suppressing either of those two repeated messages - then you'll just get 
"last message repeated N times" between the first of those ethernet messages
and the next legitimate kernel message.  If that doesn't help, you could
also add "kern.!=notice" to the options for kern.log.  The hope is that the
two messages are not sent at the same log level, but we can't be certain
it's true, and you probably don't want to disable any kernel messages more
important than "notice".
-- 
derek

More information about the ubuntu-users mailing list