Logging Configuration

Forum for questions and support relating to the 1.32.x releases only.
Post Reply
jsylvia007
Posts: 116
Joined: Wed Mar 11, 2009 8:32 pm

Logging Configuration

Post by jsylvia007 »

Morning All!

Currently, I have my logging configured as follows:

Code: Select all

LOG_LEVEL_SYSLOG = Warning
LOG_LEVEL_FILE = None
LOG_LEVEL_WEBLOG = None
LOG_LEVEL_DATABASE = Info
LOG_DATABASE_LIMIT = 500000
This basically fills the database with a bunch of informational logs, that most of the time are of little use (to be in the database).

I'm thinking that I want to do this:

Code: Select all

LOG_LEVEL_SYSLOG = Warning
LOG_LEVEL_FILE = Info
LOG_LEVEL_WEBLOG = None
LOG_LEVEL_DATABASE = Warning
LOG_DATABASE_LIMIT = 50000   ##(factor of 10x less than above, because it's only WARNINGS and higher).
What does everyone else have their logging stuff set to? Is there a recommendation? If people do use files for their logs, is the logrotate configuration sufficient?
User avatar
iconnor
Posts: 2879
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto
Contact:

Re: Logging Configuration

Post by iconnor »

Mine is something like the following.

I log Warnings and up to Syslog so that logcheck will email anything weird to me.
FILE = Debug because I am a developer and have debug turned on all the time.
WEBLOG generally only breaks things.
Database logging is not well designed and you really don't want to fill it up too much.

LOG_LEVEL_SYSLOG = Warning
LOG_LEVEL_FILE = Debug
LOG_LEVEL_WEBLOG = None
LOG_LEVEL_DATABASE = Warning
LOG_DATABASE_LIMIT = 500000
jsylvia007
Posts: 116
Joined: Wed Mar 11, 2009 8:32 pm

Re: Logging Configuration

Post by jsylvia007 »

iconnor wrote: Tue Dec 11, 2018 2:34 pm Mine is something like the following.

I log Warnings and up to Syslog so that logcheck will email anything weird to me.
FILE = Debug because I am a developer and have debug turned on all the time.
WEBLOG generally only breaks things.
Database logging is not well designed and you really don't want to fill it up too much.

LOG_LEVEL_SYSLOG = Warning
LOG_LEVEL_FILE = Debug
LOG_LEVEL_WEBLOG = None
LOG_LEVEL_DATABASE = Warning
LOG_DATABASE_LIMIT = 500000
Thanks man! I think I will mirror pretty much what you have, except keep the FILE at "INFO", and limit the database to 50000.
alabamatoy
Posts: 349
Joined: Sun Jun 05, 2016 2:53 pm

Re: Logging Configuration

Post by alabamatoy »

Every now and then, one of my cameras will hiccup and I will get thousands of log entries in the span of a few minutes about buffer overflow. I have a script which watches syslog for this, and if it finds more than some preset thresholds in a given span of time, it throws a semaphore and checks it every 10 minutes. If after 30 minutes the warnings persist, it will restart ZM. My question is, can someone help me with the logcheck ignore statement/file for these buffer overlow log entries? They look like

Code: Select all

Dec 17 22:32:40 zm_server_name zmc_m4[7014]: WAR [Buffer overrun at index 23, image 123, slow down capture, speed up analysis or increase ring buffer size]
So I am looking to make logcheck ignore "WAR [Buffer overrun at index" entries. Logcheck sends me output from my log watcher script, so I know if these warnings are there, but I dont want logcheck files emailed to me that have thousands of lines of these warnings. Any suggestions?
Post Reply