cvs commit: src/sys/netinet tcp_syncache.c
Andre Oppermann
andre at freebsd.org
Fri May 25 21:21:34 UTC 2007
Robert Watson wrote:
>
> On Fri, 25 May 2007, Andre Oppermann wrote:
>
>>> Kernel-sourced log messages result in an fsync() of log files the
>>> message is written to, as syslogd feels that kernel messages are very
>>> important and should go to disk as quickly and reliably as possible.
>>> As a result, it's very desirable to rate limit (ideally no more than
>>> 1pps) packet-generated log messages. I've been thinking of adding a
>>> spp function to match ppsprint for things like kernel warnings about
>>> the audit trail storage partition filling up, as one message a second
>>> is still a lot.
>>
>> kern.debug should not be automatically written and fsync()ed to disk.
>> All these TCP messages are sourced as kern.debug (except for the log_
>> in_vain variety with kern.info but that's something the user has to
>> explicitly enable).
>
> I don't know the actual historical reason, but I've always assumed that
> the fsync'ing of kernel log data is a result of kernel output being used
> for system debugging, which tends to occur when the system is behaving
> in an unstable way. Syncing the messages to disk means that the chances
> of the message not being there later due to being lost somewhere in the
> cache are greatly reduced -- i.e., on a system crash, you want debugging
> data until the last possible moment. I think this is useful behavior,
> although it does make klog a less useful logging mechanism for high
> volume debug data -- for that we generally prefer KTR + ALQ.

The syslog log level LOG_DEBUG is the lowest possible level and
according to the descriptions meant to be used for informal messages
during program debugging. Everything below LOG_NOTICE should not
need fsync after each line. An examination of all users of LOG_DEBUG
in our kernel doesn't show anything critical that would require fsync.
The attached patch fixes syslog.conf in this regard.

> My recommendation would simply be to stick this under pps and limit to 5
> warnings/sec or the like and stick with things basically as they are
> otherwise. I would also suggest that these printfs be disabled in
> production systems, and solely used in the development branch (which is
> true now, but should remain true later).

OK, we can do that before 7.0R.

--
Andre

$ cvs diff -up syslog.conf
Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.28
diff -u -p -r1.28 syslog.conf
--- syslog.conf 12 Mar 2005 12:31:16 -0000 1.28
+++ syslog.conf 25 May 2007 21:20:54 -0000
@@ -6,14 +6,15 @@
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit /dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
+*.notice;authpriv.none;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
-*.=debug /var/log/debug.log
+# do not call fsync() after each line for debug messages
+*.=debug -/var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
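
Review bot: Removing kern.debug from the /var/log/messages selector leaves kernel messages at info level with no destination among the visible lines: `*.notice` matches notice and above only, and `*.=debug` matches the debug level only, so kern.info output (the log_in_vain messages mentioned in the message above) would no longer be written to any file. Consider replacing kern.debug with kern.info on that line instead of dropping it. The new comment could also state that it is the leading `-` on the path that disables the sync, since that is easy to miss when reading the file.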
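
The rate limit discussed in the thread (5 warnings per second), as an added example that is not part of the original message and is not FreeBSD kernel code: a userland model of a per-second limiter showing how many log lines, and therefore how many syncs of the log file, a packet flood can cause. The names `pps_state`, `pps_allow` and `simulate` are hypothetical, and the event loads are constructed.

```c
#include <stdio.h>

/* Hypothetical userland model of a packets-per-second style log limiter. */
struct pps_state {
    long window_start_ms;   /* start of the current 1-second window */
    int  count;             /* events seen in the current window */
    int  started;           /* 0 until the first event arrives */
};

/* Return 1 if the event at now_ms may be logged, 0 if it is suppressed.
 * maxpps < 0 means unlimited, maxpps == 0 means never log. */
static int pps_allow(struct pps_state *st, long now_ms, int maxpps)
{
    if (!st->started || now_ms - st->window_start_ms >= 1000) {
        st->started = 1;
        st->window_start_ms = now_ms;   /* open a new window */
        st->count = 1;
        return maxpps != 0;
    }
    st->count++;
    return maxpps < 0 || st->count <= maxpps;
}

/* Feed one event every interval_ms for duration_ms.
 * Returns the number logged; *suppressed receives the number dropped. */
static int simulate(long duration_ms, long interval_ms, int maxpps,
                    int *suppressed)
{
    struct pps_state st = {0, 0, 0};
    int logged = 0;

    *suppressed = 0;
    for (long t = 0; t < duration_ms; t += interval_ms) {
        if (pps_allow(&st, t, maxpps))
            logged++;           /* one log line, one sync of the file */
        else
            (*suppressed)++;
    }
    return logged;
}

int main(void)
{
    int dropped;
    /* Constructed load: 1000 log-triggering packets/s for 3 s, limit 5/s. */
    int logged = simulate(3000, 1, 5, &dropped);
    printf("flood: logged=%d suppressed=%d\n", logged, dropped);
    /* Constructed load: 2 events/s for 3 s stays under the limit. */
    logged = simulate(3000, 500, 5, &dropped);
    printf("quiet: logged=%d suppressed=%d\n", logged, dropped);
    return 0;
}
```

With the limit in place the number of synced log writes is bounded by the limit times the elapsed seconds, independent of the packet rate.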