Page 1 of 2

'Auth.log' Log file filling up

Posted: Sat Sep 16, 2017 3:58 pm
by NeverSimple
I noticed today that /var/log/auth.log is steadily growing in size. Every hour it rolls over due to size.
Basically there are only two lines in there:

Code: Select all

Sep 16 20:42:19 ghostbsd doas: rherman ran command ifconfig wlan0 as root from /usr/home/rherman
Sep 16 20:42:19 ghostbsd doas: root ran command ifconfig wlan0 as root from /root
These two line repeat 10 times with the same timestamp, so 20 log entries. then it stops for 15 seconds after which it repeats with the same 20 log entries. This keeps going on hour after hour.

I Have two machines running GhostBSD 11.1, one on ALPHA1, the other on BETA1. Both exhibit this behaviour.
Any idea where this is coming from?

Re: 'Auth.log' Log file filling up

Posted: Sat Sep 16, 2017 4:13 pm
by ASX
That is most likely a side effect of network manager, that peridodically scan for available wifi networks.

Re: 'Auth.log' Log file filling up

Posted: Sat Sep 16, 2017 4:46 pm
by NeverSimple
Really? That seems a bit excessive. Especially since none of these machines has a WiFi adapter.

Re: 'Auth.log' Log file filling up

Posted: Sat Sep 16, 2017 5:31 pm
by ASX
if you don't need network manager, simply disable it.
In XFCE you need to look into settings -> startup, I don't know about MATE but should not be much difficult to find where is started. ;)

EDIT: the first time you connect to a wifi network you don't want to wait too much, so the timing is a tradeoff.

Re: 'Auth.log' Log file filling up

Posted: Sun Sep 17, 2017 4:20 am
by WytWun
I may not be looking in the correct place, but if the network manager is relying on /usr/local/share/networkmgr/net_api.py then it seems to me that there might be something amiss.

There are several functions in that file that check for the presence of the wlan0 interface and return an appropriate status (True == exists | active; False == absent | inactive). My VM instance of BETA1 is showing the same activity on wlan0 that NeverSimple is seeing and there's no wireless lan interface in the VM (or the host for that matter). I don't have time to pursue this further at the moment...

Re: 'Auth.log' Log file filling up

Posted: Wed Sep 20, 2017 4:17 pm
by kraileth
To me it would make sense if doas supported suppressing log messages for certain commands. However I don't think that it has such a feature. Yet?

Re: 'Auth.log' Log file filling up

Posted: Wed Sep 20, 2017 4:25 pm
by NeverSimple
kraileth wrote:To me it would make sense if doas supported suppressing log messages for certain commands. However I don't think that it has such a feature. Yet?
Well, to me it would not make sense supressing these messages. They shouldn't be generated in the first place, right?
Why would running 'ifconfig wlan0' make sense on a machine that has no wlan0? (or any wlan capability)
I think 'WytWun' is right: something is not quit right here.

Re: 'Auth.log' Log file filling up

Posted: Wed Sep 20, 2017 6:05 pm
by ASX
NeverSimple wrote:
kraileth wrote:To me it would make sense if doas supported suppressing log messages for certain commands. However I don't think that it has such a feature. Yet?
Well, to me it would not make sense supressing these messages. They shouldn't be generated in the first place, right?
Why would running 'ifconfig wlan0' make sense on a machine that has no wlan0? (or any wlan capability)
I think 'WytWun' is right: something is not quit right here.
The network manager may be far from perfect, but it does some good job which is (or will be) separate into two pieces:
a) detect a wifi adapter, including USB dongles that could be plugged in at any time, and configure the related driver in rc.conf
b) managing the connection to the wifi network

both things require a periodic scan, hope that explain the underlying requirements.
The excessive logging can be annoying, but it is a minor issue. ;)

Re: 'Auth.log' Log file filling up

Posted: Thu Sep 21, 2017 12:58 am
by kraileth
NeverSimple wrote:Well, to me it would not make sense supressing these messages. They shouldn't be generated in the first place, right?
Why would running 'ifconfig wlan0' make sense on a machine that has no wlan0? (or any wlan capability)
I think 'WytWun' is right: something is not quit right here.
That's actually two different things: Yes, extending the network manager so that it doesn't try to use wlan at all on system where it's not desired (or even possible) would be a nice feature. But then there are probably a lot of systems where you would actually want to scan for wlans. And in that case the logging "problem" still exists. A agree with ASX here: On a desktop workstation it's probably a minor thing for most people. However for security-minded folks who actually check their logs it could be a real nuisance.

I'm opening a ticket for the network manager side of the affair. If somebody wants the doas part fixed, too, he or she needs to find a volunteer with some C coding experience (and preferably somebody who's able to convince the Ted Unangst and the OpenBSD guys to accept a patch upstream :mrgreen: ).

Re: 'Auth.log' Log file filling up

Posted: Thu Sep 21, 2017 4:12 am
by ASX
kraileth wrote:If somebody wants the doas part fixed, too, he or she needs to find a volunteer with some C coding experience (and preferably somebody who's able to convince the Ted Unangst and the OpenBSD guys to accept a patch upstream).
Some suicide attitude is needed to ask something that (removing logging) to OpenBSD! :D