systemd log flood, session opened for user root

Flang3r · 03-25-2015, 03:14 AM

Quote:

Originally Posted by w_hairst

No answer, or even reply, on the users forum so far. Found another possible option - the command
systemd-analyze set-log-level warn

Running this as root, I got:
Failed to issue method call: Access denied

Strangely, I can run it with 'notice' instead of 'warn', and it silently
completes - probably meaning it's already set to notice.

Why does this produce an 'access denied' message even when run as root?

The above message you get is because argument syntax is invalid. Try "systemd-analyze set-log-level warning" instead of warn.

Quote:

systemd-analyze set-log-level LEVEL changes the current log level of the systemd daemon to LEVEL (accepts the same values as --log-level= described in systemd(1))

Quote:

--log-level=
Set log level. As argument this accepts a numerical log level or the well-known syslog(3) symbolic names (lowercase): emerg, alert, crit, err, warning, notice, info, debug.

P.S. It is plaguing my Fedora 21 logs too.

w_hairst · 03-30-2015, 06:30 PM

Sure enough, the syntax was wrong. (Why 'access denied' instead of 'bad syntax'?) Changing this all the way to emerg didn't do anything, either using the command line set-log-level, or putting it into /etc/systemd/system.conf. I did notice this line in /var/log/messages during reboot:
systemd[1]: [/etc/systemd/system.conf:11] Invalid log level'warn': Operation not permitted
Odd thing is, /etc/systemd/system.conf contains LogLevel=emerg, not warn! (Anymore)

dairiki · 05-20-2015, 01:02 PM

Quote:

Originally Posted by w_hairst

I have a fairly freshly installed copy of Fedora 21, running on an old laptop. (So no graphical interface.) Installed logwatch today, and got:

session opened for user root by (uid=0): 25 Time(s)

Looks like something is running once an hour-through cron? I haven't personally set up any scheduled tasks, but it's possible something I installed may have. crontab contains no entries; cron.hourly contains 0anacron and mcelog.cron

I'm seeing massive amounts of entries in the /var/log/messages file from systemd; this is the sequence I'm seeing once an hour (so probably related):

Feb 21 19:01:01 localhost systemd: Starting Paths.
[...]
Feb 21 19:01:02 localhost systemd: Received SIGRTMIN+24 from PID 1400 (kill).

1. What is systemd, what is it doing, and should I be concerned?
2. How do I get it to stop flooding the messages log?
3. If everything is working as designed, how do I eliminate or hide the 'for user root' messages for this job, but not for anything else? (I don't want to hide *all* root sessions!)

Thank you!

I experienced this too (Debian Jessie). I think I've figured out what's going on.

Systemd is running a per-user systemd for root whenever a session is started, e.g. to run a cron job. Then when root’s last session is closed, the per-user systemd is killed. The spew of log messages has to do with the the spawning and killing of that per-user systemd.

One way to avoid these log messages is to make root’s per-user systemd persistent, so that it is created at system boot and never killed (until system shutdown.) To do this you can run

Code:

# loginctl enable-linger root

This only needs to be run once. (Loginctl creates a note-to-self in /var/lib/systemd/linger/.)

Reference: https://wiki.archlinux.org/index.php/Systemd/User

Psy-Q · 06-29-2015, 01:43 AM

I'm seeing the same thing in Debian jessie. I don't think it makes any sense to just ignore this with logcheck, it's logging hundreds of kilobytes. Can't the verbosity be reduced, just for these per-user systemds in particular, if that's what's causing this?

Edit: "loginctl enable-linger root" does not change anything.

Edit 2: Ignore that, it does work. I had another user with cronjobs and didn't pay proper attention to the actual lines.