current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems.. It's 100% free, no registration required.
up vote 4 down vote favorite

I am installing a really small server which got a 512mb CF cars as HD. Not only I haven't plenty of space, but I would like to minimize the writes to disk.

I would like to completely clear the /var/log directory and to make it read only (write protected).

Will the system hang if I do so?

share|improve this question
6  
/var/log being read only doesn't make much sense. You'd probably be better off rotating regularly and compressing the old log files. –  Joel Davis 2 days ago
1  
Or adjusting your settings on the log daemon so it only logs emergency and critical level logs. –  Zan Lynx 2 days ago
add comment

4 Answers

up vote 8 down vote

Instead of making it read only, I would create /var/log as tempfs. and regularily prune. Of course that only works if you have enough spare RAM available.

You can do the same for other possible non-essential directories like /var/tmp

Entries in my /etc/fstab (now commented out):

tmpfs   /var/tmp   tmpfs   defaults,noatime,mode=1777,size=128M   0  0
tmpfs   /var/log   tmpfs   defaults,noatime,mode=0755,size=128M   0  0
share|improve this answer
    
One problem with this would be using the log files to diagnose a system hang. –  Joel Davis 2 days ago
    
You probably want to include a size= parameter to control for the RAM usage issue you mentioned. –  Joel Davis 2 days ago
1  
@JoelDavis Size limitation would be appropriate, I added that parameter (on my machine this was not a problem). I reckoned that if the OP was willing to make /var/log read-only, that throwing away logs on reboot would not be an issue. –  Anthon 2 days ago
add comment
up vote 5 down vote

If you are planning on making it read-only, then it is as good as worthless. You should control how and what you log.

If you are running short on space, you might want to have a separate reasonably-sized /var partition and choose a file system that can handle lots of small files, such as ReiserFS or something.

share|improve this answer
add comment
up vote 5 down vote

According to the Debian FHS (Filesystem Hierarchy Standard), /var/log must be writable. Upon boot up, the system itself must be able to write to a log in that directory. You can make /usr read-only, but /var should be mounted writeable.

To answer the question asked in your write-up, yes the system will hang on start up. The kernel will attempt to write to dmesg, and will hang when it cannot.

share|improve this answer
2  
The kernel won't "hang" when it cannot write to /var/log/, otherwise your system would not be able to boot because /var/log/ is not mounted at boot. It is possible that some programs do not start, crash or do not function properly. –  Lekensteyn 2 days ago
2  
FHS is not by Deban; they only cite it. It is a standard which is relevant for all kind of Unixes and alike systems. –  glglgl yesterday
add comment
up vote 2 down vote

As stated in my comment, a writable /var/log is kind of important but there are things you can do to ensure that as little gets saved as possible. For example, you can configure logrotate to rotate the log files based on their size, compressing the old ones. You can also configure syslog to only write CRIT and above to the logs (the rest are discarded)

logrotate example:

   compress

   /var/log/messages {
       rotate 5
       size 100k
       postrotate
           /usr/bin/killall -HUP syslogd
       endscript
   }

(You would need to configure logrotate /etc/logrotate.conf to be ran in a cronjob as well).

rsyslog.conf example:

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.crit                                                  /var/log/messages
*.emerg                                                 *

This is probably the best middle ground as next to nothing gets logged but you're still notified of critical events. You may also think about configuring remote syslog to a server with bigger storage if log retention is important.

share|improve this answer
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.