This means roughly 430GB/day for syslog and 35GB/day for auditd being written to the OS SSD, this seems excessive and potentially harmful for SSD longevity. I confirmed these numbers with iotop from the proxmox host and tracking total disk writes to the SSD the VM disk sits on.
Is this level of logging expected behavior on SCALE 25.10.1?
Are there recommended ways to reduce logging verbosity for syslog-ng or auditd?
Does anyone have advice on…
Moving logs to a tmpfs to reduce disk wear?
Redirecting logs to the storage pool (spinning disks) instead of the OS drive?
Specific config tweaks that others are using to mitigate this?
Any guidance, best practices, or similar experiences would be greatly appreciated. I want to reduce unnecessary wear on the OS drive without breaking anything important.
I tried mounting /audit, /var/log, & /var/lib/syslog-ng to folders on the storage array
mount --bind /mnt/data/local/audit /audit
mount --bind /mnt/data/local/logs /var/log
mount --bind /mnt/data/local/syslog-lib /var/lib/syslog-ng
Disk writes to the OS drive over 10 minutes dropped to less than 8MB
I noticed that the data section of the pool widget and also all temperature information initially broke, but after about 30 minutes everything came back and appears to be working normally.
I would still like to find a solution to reducing the amount of data syslog and auditd are writing though. Even though it isn’t impacting the SSDs any more, it still seems like an excessive amount of writing for logs.
Edit: I did rsync the contents of the directories over to the new mount points first.
I did, but the only setting that I found which looked reasonable was the syslog level, but even setting it to Emergency didnt seem to impact the write volume.
Edit: I also saw System Dataset Pool: data, but switching it to boot-pool and back also didn’t seem to make any impact.
