[Openstack] compute node secure message flood rootwrap.conf ovs-ofctl dump-flows br-int table=22
Uwe Sauter
uwe.sauter.de at gmail.com
Tue Mar 24 14:01:19 UTC 2015
Hi,
is it possible to disable the logging of this particular command for /var/log/neutron/openvswitch-agent.log ?
Given the high frequency it makes it really hard and annoying to read the logs for debugging purposes.
Regards,
Uwe
Am 24.03.2015 um 13:52 schrieb Lars Kellogg-Stedman:
> On Tue, Mar 24, 2015 at 02:22:18PM +0700, Chris wrote:
>> On our compute nodes the /var/log/secure log get flooded with the same kind
>> of messages:
>>
>> Mar 22 10:17:57 xxx sudo: neutron : TTY=unknown ; PWD=/ ; USER=root ;
>> COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ovs-ofctl
>> dump-flows br-int table=22
>>
>> Any hint what's the purpose of this and how to fix it?
>
> The purpose is that neutron is monitoring the flow rules in that
> particular table, probably in order ensure they remain correct.
> Because neutron is running as an unprivileged user, it needs to use
> "sudo" to gain elevated privileges.
>
> The `sudo` command is, by default, quite verbose, which makes sense in
> an environment where 'sudo' commands happen rarely as the result of
> manual administrator actions. In an environment where it is part of
> frequent automated tasks it can be an annoyance.
>
> You can disable these messages for a *particular* user using syntax
> like this:
>
> Defaults:neutron !syslog
>
> This will disable syslogging of sudo activity for user "neutron" while
> still leaving it enabled for everyone else.
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
More information about the Openstack
mailing list