Project

General

Profile

Feature #25973

Set net.link.ether.inet.log_arp_movements to 0 by default

Added by Dave F over 1 year ago. Updated about 1 year ago.

Status:
Done
Priority:
Nice to have
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Estimated time:
Severity:
Low
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

Suggest that the sysctl net.link.ether.inet.log_arp_movements is set to 0 as default as it can fill up syslog and the daily output with a ton of normal network movement messages, for example:

arp: %d.%d.%d.%d moved from %x:%x:%x:%x:%x:%x to %x:%x:%x:%x:%x:%x on %s

We're always recommending to turn off the sysctl in the forums and chatroom as it tends to confuse users.

The FreeBSD default for this sysctl is 1.

History

#1 Updated by Dru Lavigne over 1 year ago

  • Assignee changed from Release Council to William Grzybowski

I thought we already did this but can't find it... William, please load balance (unless we already fixed it).

#2 Updated by William Grzybowski over 1 year ago

  • Status changed from Unscreened to Screened
  • Target version set to 11.1

#3 Updated by William Grzybowski over 1 year ago

  • Status changed from Screened to Unscreened
  • Assignee changed from William Grzybowski to Nikola Gigic

#4 Updated by Nick Wolff over 1 year ago

Below is patch to move this message to a new log called system I can submit pr if we are interested in this. This has been syntactically checked but not tested.

diff --git a/src/freenas/usr/local/etc/syslog-ng.conf.freenas b/src/freenas/usr/local/etc/syslog-ng.conf.freenas
index cab353d70..d180c45fc 100644
--- a/src/freenas/usr/local/etc/syslog-ng.conf.freenas
+++ b/src/freenas/usr/local/etc/syslog-ng.conf.freenas
@@ -23,6 +23,7 @@ source src { unix-dgram("/var/run/log");
 # destinations
 #
 destination messages { file("/var/log/messages"); };
+destination system { file("/var/log/system"); };
 destination security { file("/var/log/security"); };
 destination authlog { file("/var/log/auth.log"); };
 destination daemon { file("/var/log/daemon.log"); };
@@ -91,6 +92,12 @@ filter f_mdnsresponder { program("mDNSResponder"); };
 filter f_not_mdnsresponder { not program("mDNSResponder"); };

 #
+# message filters
+#
+filter f_arpchange { message("^arp:.*moved from.*on.*$"); };
+filter f_not_arpchange { not filter(f_arpchange); };
+
+#
 # *.err;kern.warning;auth.notice;mail.crit             /dev/console
 #
 log { source(src); filter(f_err); filter(f_not_mdnsresponder); destination(console); };
@@ -102,7 +109,7 @@ log { source(src); filter(f_mail); filter(f_crit); destination(console); };
 # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err        /var/log/messages
 #
 log { source(src); filter(f_notice); filter(f_not_authpriv); filter(f_not_mdnsresponder); destination(messages); };
-log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
+log { source(src); filter(f_kern); filter(f_debug); filter(f_not_arpchange); destination(messages); };
 log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
 log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
 log { source(src); filter(f_news); filter(f_err); destination(messages); };
@@ -148,6 +155,11 @@ log { source(src); filter(f_daemon); destination(daemon); };
 log { source(src); filter(f_is_debug); destination(debuglog); };

 #
+# Filtered System Messages                             /var/log/system.log
+#
+log { source(src);  filter(f_kern); filter(f_info); filter(f_arpchange); destination(system); };
+
+#
 # *.emerg                                              *
 #
 log { source(src); filter(f_emerg); destination(allusers); };

#5 Updated by Nikola Gigic over 1 year ago

  • Status changed from Unscreened to Screened

#6 Avatar?id=14398&size=24x24 Updated by Kris Moore over 1 year ago

  • Target version changed from 11.1 to 11.2-BETA1

#7 Updated by Dru Lavigne over 1 year ago

  • Assignee changed from Nikola Gigic to Vladimir Vinogradenko

#8 Avatar?id=14398&size=24x24 Updated by Kris Moore over 1 year ago

  • Target version changed from 11.2-BETA1 to 11.3

#9 Avatar?id=14398&size=24x24 Updated by Kris Moore over 1 year ago

  • Status changed from Screened to Not Started

#10 Updated by William Grzybowski over 1 year ago

  • Category changed from OS to Middleware
  • Assignee changed from Vladimir Vinogradenko to Waqar Ahmed
  • Target version changed from 11.3 to 11.2-RC2

Waqar, this seems fairly easy. Lets use Nick Wolf suggestion though.

#11 Updated by Waqar Ahmed over 1 year ago

  • Status changed from Not Started to In Progress
  • % Done changed from 0 to 60

#12 Updated by William Grzybowski over 1 year ago

  • Severity set to Low

#13 Updated by Waqar Ahmed over 1 year ago

  • % Done changed from 60 to 100

#14 Updated by Waqar Ahmed over 1 year ago

  • Status changed from In Progress to Done

#15 Updated by Dru Lavigne over 1 year ago

  • Target version changed from 11.2-RC2 to 11.2-BETA1
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#16 Updated by Dru Lavigne about 1 year ago

  • Status changed from Done to Ready for Testing

#17 Updated by Bonnie Follweiler about 1 year ago

Mike is working on this ticket. His last note is that the testing is on hold. "Waiting for an easy way to generate arp messages to log to confirm they go to /var/log/system
Verified the syslog-ng changes are there though"

#18 Updated by Michael Reynolds about 1 year ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Waqar started with 2 vms. The second one had 3 NICs.
From the first VM, pinged the IP of 3rd NIC of 2nd machine.
After that, forced the second NIC to take the IP of the 3rd NIC
Then checked the contents of var/log/system and the arp logging was there

freenas# cd /var/log
freenas# grep -i -r "arp" .
./system:Jun 14 17:00:55 freenas kernel: arp: 192.168.1.10 moved from 08:00:27:02:bc:e9 to 08:00:27:12:32:f3 on em0

the ticket is confirmed fixed

Thanks waqar!

#19 Updated by Dru Lavigne about 1 year ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF