[SOLVED] systemd/Journal - filtering a specific service

vecino · 2023-06-04 17:48:04

Hi, I'd like to get rid of this in the diary ... it generates every hour. Yes, I can set a longer interval in Kea settings, but I want to get rid of it completely.

Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_START Starting lease file cleanup
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_PROCESSING Previous file: /var/lib/kea/dhcp4.leases.2, copy file: /var/lib/kea/dhcp4.leases.1
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.dhcpsrv.139852014892928] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/dhcp4.leases.2
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.dhcpsrv.139852014892928] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/dhcp4.leases.1
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_READ_STATS Leases: 7, attempts: 9, errors: 0.
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_WRITE_STATS Leases: 5, attempts: 5, errors: 0.
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_ROTATING LFC rotating files
Jun 04 19:01:16 mybox DhcpLFC[39478]: INFO  [DhcpLFC.139852014892928] LFC_TERMINATE LFC finished processing

I tried adding in: /usr/lib/systemd/system/kea-dhcp4.service StandardOutput=null and StandardError=null. But it didn't help.

[Unit]
Description=ISC Kea IPv4 DHCP daemon
Documentation=man:kea-dhcp4(8)
Wants=network-online.target
After=network-online.target
After=time-sync.target

[Service]
Environment="KEA_PIDFILE_DIR=/run"
Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
ExecStart=/usr/bin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

Do you have any ideas and tips? Thank you

I read: https://wiki.archlinux.org/title/Systemd/Journal

Last edited by vecino (2023-07-30 16:16:20)

3beb6e7c46a615a · 2023-06-04 18:13:50

Run "journalctl --output=verbose" on these messages, i.e. with "journalctl --output=verbose --since '2023-06-04 19:00' -u kea-dhcp4.service", and look for the "_TRANSPORT" field. It's probably "syslog" or "journal", meaning the service logs directly to journald. Suppressing "StandardOutput" or "StandardError" won't help in this case.

To suppress these messages you've got three options, depending on what you'd actually like to achieve.

If you'd like to just blindly suppress all messages from this services add "LogLevelMax=emerg" to the unit definition; this will suppress everything except those messages logged at the very highest level (and I think you definitely do want to read those). Obviously, you'll not get any logs from the service anymore, so debugging issues will become a lot harder. I wouldn't do this.

You can also filter specific messages with the "LogFilterPatterns=" setting, e.g "LogFilterPatterns=~(LFC_TERMINATE|LFC_ROTATING|LFC_WRITE_STATS|…)" to suppress those particular messages. This suppresses the noise specifically, but could break a lot depending on how frequently this software gets updates and changes its log messages. Maintaining this list of exclusions could become a chore.

Finally, you can move the entire logs of this service to a different namespace with "LogNamespace=", e.g. "LogNamespace=kea4". This removes all messages from the service from the main journal, and moves them to a separate one which you can inspect with "journalctl --namespace", e.g. "journalctl --namespace=kea4".

See "systemd.exec(5)" at https://man.archlinux.org/man/systemd.exec.5.en for details about these fields.

Personally, I'd not bother though. It's just once an hour, and the journal contains so many different messages from all kind of other services… spend time to learn the filtering options of "journalctl" to specifically select only relevant messages, that's likely more effective use of your time

But in any case please, never edit anything under "/usr/lib" directly. Create specific drop-in files in "/etc/systemd" with your text editor or use "systemctl edit kea-dhcp4.service". Please also read the systemd pages in the wiki, in particular https://wiki.archlinux.org/title/System … ided_units

Last edited by 3beb6e7c46a615a (2023-06-04 18:16:39)

papajoke · 2023-06-04 18:46:22

lunaryorn wrote:

You can also filter specific messages with the "LogFilterPatterns=" setting, e.g "LogFilterPatterns=~(LFC_TERMINATE|LFC_ROTATING|LFC_WRITE_STATS|…)" to suppress those particular messages. This suppresses the noise specifically, but could break a lot depending on how frequently this software gets updates and changes its log messages. Maintaining this list of exclusions could become a chore.

- Is one line by word(regex) in man ? "This option takes a single pattern as an argument but can be used multiple times to create a list of allowed and deniedpatterns."
- we can override default config

# /etc/systemd/system/kea-dhcp4.service.d/10-journalfilter.conf
[Service]
# no save messages with :
LogFilterPatterns=~LFC_WRITE_STATS
LogFilterPatterns=~LFC_PROCESSING
LogFilterPatterns=~LFC_ROTATING

Last edited by papajoke (2023-06-04 18:53:10)

loqs · 2023-06-04 19:22:56

The default /etc/kea/kea-dhcp4.conf uses the log file /var/log/kea-dhcp4.log however LFC does not follow that configuration [1].
You could try adding the KEA_LOGGER_DESTINATION=/dev/null [2] environment variable to the service file.

[1] https://gitlab.isc.org/isc-projects/kea/-/issues/833
[2] https://kea.readthedocs.io/en/kea-2.3.8 … ea-startup

Last edited by loqs (2023-06-04 19:44:15)

vecino · 2023-06-04 20:08:04

Thank you all for the valuable and useful information - I am gradually trying all the options you have advised me.

I otherwise log directly in the configuration file /etc/kea/kea-dhcp4.conf and this information is fully sufficient for me I just want to get rid of the DhcpLFC that is a waste / useless for me.

"loggers":[
            {
                "name":"kea-dhcp4.leases",
                "output_options":[
                    {
                        "output":"/var/log/kea/kea-dhcp4.log"
                    }
                ],
                "severity":"INFO"
            }

@loqs

Where should I put this: KEA_LOGGER_DESTINATION=/dev/null ? In the configuration file /etc/kea/kea-dhcp4.conf or in "systemctl edit kea-dhcp4.service --full" ?

Jun 04 17:00:19 home systemd[1]: Started ISC Kea IPv4 DHCP daemon.
Jun 04 21:56:18 home systemd[1]: /etc/systemd/system/kea-dhcp4.service:12: Unknown key name 'KEA_LOGGER_DESTINATION' in section 'Service', ignoring.

loqs · 2023-06-04 20:16:26

In the service file, it is intended to be read before the configuration file is loaded:

[Service]
Environment="KEA_LOGGER_DESTINATION=dev/null"

Last edited by loqs (2023-06-04 20:17:23)

vecino · 2023-06-04 20:23:55

I only wrote it as "KEA_LOGGER_DESTINATION=dev/null" ... now I'm testing how it will behave. I'll let you know - thanks.

Last edited by vecino (2023-06-04 20:24:11)

loqs · 2023-06-04 20:45:53

I missed the / from the start of /dev/null. No idea how it will handle a none existent path.

vecino · 2023-06-04 20:52:10

corrected

vecino · 2023-06-04 22:06:39

It behaves the same - nothing has changed. After the change in the service file I restarted Kea.

# cat /etc/systemd/system/kea-dhcp4.service
[Unit]
Description=ISC Kea IPv4 DHCP daemon
Documentation=man:kea-dhcp4(8)
Wants=network-online.target
After=network-online.target
After=time-sync.target

[Service]
Environment="KEA_LOGGER_DESTINATION=/dev/null"
Environment="KEA_PIDFILE_DIR=/run"
Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
ExecStart=/usr/bin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf

[Install]
WantedBy=multi-user.target

After an hour there's spam again:

#Kea restarted
Jun 04 22:50:00 mybox kea-dhcp4[40157]: 2023-06-04 22:50:00.478 INFO  [kea-dhcp4.dhcp4/40157.140470835798208] DHCP4_STARTED Kea DHCPv4 server version 2.2.0 started
--
Jun 04 23:50:00 mybox kea-dhcp4[40157]: 2023-06-04 23:50:00.914 INFO  [kea-dhcp4.dhcpsrv/40157.140470835798208] DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
Jun 04 23:50:00 mybox kea-dhcp4[40157]: 2023-06-04 23:50:00.915 INFO  [kea-dhcp4.dhcpsrv/40157.140470835798208] DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: /usr/sbin/kea-lfc -4 -x /var/lib/kea/dhcp4.lea>Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_START Starting lease file cleanup
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_PROCESSING Previous file: /var/lib/kea/dhcp4.leases.2, copy file: /var/lib/kea/dhcp4.leases.1
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.dhcpsrv.140673922041728] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/dhcp4.leases.2
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.dhcpsrv.140673922041728] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/dhcp4.leases.1
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_READ_STATS Leases: 5, attempts: 7, errors: 0.
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_WRITE_STATS Leases: 5, attempts: 5, errors: 0.
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_ROTATING LFC rotating files
Jun 04 23:50:00 mybox DhcpLFC[40360]: INFO  [DhcpLFC.140673922041728] LFC_TERMINATE LFC finished processing

vecino · 2023-06-05 09:59:32

Can this be applied to all messages from DhcpLFC so I don't have to filter individual messages/strings?

papajoke wrote:

lunaryorn wrote:
You can also filter specific messages with the "LogFilterPatterns=" setting, e.g "LogFilterPatterns=~(LFC_TERMINATE|LFC_ROTATING|LFC_WRITE_STATS|…)" to suppress those particular messages. This suppresses the noise specifically, but could break a lot depending on how frequently this software gets updates and changes its log messages. Maintaining this list of exclusions could become a chore.
- Is one line by word(regex) in man ? "This option takes a single pattern as an argument but can be used multiple times to create a list of allowed and deniedpatterns."
- we can override default config
# /etc/systemd/system/kea-dhcp4.service.d/10-journalfilter.conf
[Service]
# no save messages with :
LogFilterPatterns=~LFC_WRITE_STATS
LogFilterPatterns=~LFC_PROCESSING
LogFilterPatterns=~LFC_ROTATING

papajoke · 2023-06-05 10:52:07

we have man ! "an extended regular expression"

vecino · 2023-06-05 12:50:51

Ok sorry for my stupid questions.

I've already managed to get what I wanted. This does what I want:

cat /etc/systemd/system/kea-dhcp4.service.d/10-journalfilter.conf

[Service]
LogFilterPatterns=~DhcpLFC
LogFilterPatterns=~DHCPSRV_MEMFILE

Please last question. Do I understand correctly that I always have to create a separate file for the specific service I want to filter?

For example:

/etc/systemd/system/kea-dhcp4.service.d/10-journalfilter.conf
/etc/systemd/system/kea-dhcp6.service.d/10-journalfilter.conf
/etc/systemd/system/frr.service.d/10-journalfilter.conf
etc

Isn't it possible to have only one file and filter all services there using regular expression?

vecino · 2023-06-11 11:32:01

Thanks

Last edited by vecino (2023-06-16 13:33:36)

vecino · 2023-06-16 13:33:49

Can you please advise me how to filter messages from the kernel? For example, this one irritates me.

Jun 15 21:39:04 home kernel: HTB: quantum of class 10001 is big. Consider r2q change.
Jun 15 21:39:04 home kernel: HTB: quantum of class 10001 is big. Consider r2q change.
Jun 15 21:39:04 home kernel: HTB: quantum of class 10001 is big. Consider r2q change.

I'd like to do it the way you've taught me here, but I don't know what UNIT kernel it uses?

There is such a thing as:

/etc/systemd/system/KERNEL.service.d/spam.conf ?

[Service]
LogFilterPatterns=~quantum of class 10001 is big

Thanks

Last edited by vecino (2023-06-16 15:21:19)

loqs · 2023-06-16 19:32:12

Is there a reason not to follow the advice and reduce the quantum size?

vecino · 2023-06-17 12:02:27

Yes, I certainly tried that first. I googled, but most of the articles and recommendations are very old (at that time kernel 2.4 was used and internet speeds were much lower).

It might be good time to touch concept of quantums now. In fact when more classes want to borrow bandwidth they are each given some number of bytes before serving other competing class. This number is called quantum. You should see that if several classes are competing for parent's bandwidth then they get it in proportion of their quantums. It is important to know that for precise operation quantums need to be as small as possible and larger than MTU.
Normaly you don't need to specify quantums manualy as HTB chooses precomputed values. It computes classe's quantum (when you add or change it) as its rate divided by r2q global parameter. Its default value is 10 and because typical MTU is 1500 the default is good for rates from 15 kBps (120 kbit). For smaller minimal rates specify r2q 1 when creating qdisc - it is good from 12 kbit which should be enough. If you will need you can specify quantum manualy when adding or changing the class. You can avoid warnings in log if precomputed value would be bad. When you specify quantum on command line the r2q is ignored for that class.

I understood that the best way is to have these calculated quantum automatically.

I tried set r2q 10 via: https://documentation.clearos.com/conte … r2q_change but nothing's changed.

Do you have any experience with this? I'd be happy to learn.

Still, I wonder if I can filter kernel messages like I do with other services. It might be useful.

Last edited by vecino (2023-06-17 12:07:01)

loqs · 2023-06-17 16:23:59

You are using clearos's firewall app?

vecino · 2023-06-17 17:08:23

No I don't - I use tc + cake for shaper.

https://www.bufferbloat.net/projects/codel/wiki/Cake/

Arch Linux

#1 2023-06-04 17:48:04

[SOLVED] systemd/Journal - filtering a specific service

#2 2023-06-04 18:13:50

Re: [SOLVED] systemd/Journal - filtering a specific service

#3 2023-06-04 18:46:22

Re: [SOLVED] systemd/Journal - filtering a specific service

#4 2023-06-04 19:22:56

Re: [SOLVED] systemd/Journal - filtering a specific service

#5 2023-06-04 20:08:04

Re: [SOLVED] systemd/Journal - filtering a specific service

#6 2023-06-04 20:16:26

Re: [SOLVED] systemd/Journal - filtering a specific service

#7 2023-06-04 20:23:55

Re: [SOLVED] systemd/Journal - filtering a specific service

#8 2023-06-04 20:45:53

Re: [SOLVED] systemd/Journal - filtering a specific service

#9 2023-06-04 20:52:10

Re: [SOLVED] systemd/Journal - filtering a specific service

#10 2023-06-04 22:06:39

Re: [SOLVED] systemd/Journal - filtering a specific service

#11 2023-06-05 09:59:32

Re: [SOLVED] systemd/Journal - filtering a specific service

#12 2023-06-05 10:52:07

Re: [SOLVED] systemd/Journal - filtering a specific service

#13 2023-06-05 12:50:51

Re: [SOLVED] systemd/Journal - filtering a specific service

#14 2023-06-11 11:32:01

Re: [SOLVED] systemd/Journal - filtering a specific service

#15 2023-06-16 13:33:49

Re: [SOLVED] systemd/Journal - filtering a specific service

#16 2023-06-16 19:32:12

Re: [SOLVED] systemd/Journal - filtering a specific service

#17 2023-06-17 12:02:27

Re: [SOLVED] systemd/Journal - filtering a specific service

#18 2023-06-17 16:23:59

Re: [SOLVED] systemd/Journal - filtering a specific service

#19 2023-06-17 17:08:23

Re: [SOLVED] systemd/Journal - filtering a specific service

Board footer