NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

i-CONICA's avatar
i-CONICA
Guide
Jun 07, 2017

Syslog database running

Hi,

 

I've a ReadyNAS RN104. 4x2TB WD Red drives.

 

I've noticed it's got a MySQL database running on it, with one database called Syslog. There are two tables, one called SystemEvents and SystemEventsProperties.

 

The SystemEvents table alone has over 10 million rows.

 

It's definitely for the ReadyNAS system, not a third party app. It's logging every bit of info. Such as;

Message:  Stopping Netatalk AFP fileserver for Macintosh clients... 

(triggered by me, stopping the AFP protocol in the admin interface).


It's also logging millions of failed root ssh login attempts, which is concerning...


Thanks.

Installation & Upgrade
Other Discussions
Performance

6 Replies

  • i-CONICA's avatar
    i-CONICA
    Guide
    Jun 07, 2017

    So I've learned it's the rsyslog service that's default on debian systems since version 5.

     

    So my question narrows. Having looked at /Volume/rsyslog/ it's logging things in there, but all the logs are of modest size (kbs).

     

    The /etc/rsyslog.conf file includes /etc/rsyslog.d/mysql.conf which has connection details for this mysql database "Syslog" it's logging to.


    The problem is, while proper log rotation is clearly happening in the directories, there's nothing keeping the database in check.

     

    Any advice? 

    • i-CONICA's avatar
      i-CONICA
      Guide
      Jun 07, 2017

      It seems to be a problem with rsyslog, not specific to ReadyNAS.

       

      Maybe this should be considered a bug to be fixed via a cron, or simply not logging to the DB at all. 

       

      See http://www.rsyslog.com/article50/

       

      I've taken a backup of the data and am going to truncate the database. I've also commented out the line in /etc/rsyslog.conf where it includes the /etc/rsyslog.d/mysql.conf, so hopefully after a restart of rsyslog via systemctl it won't try to log to the DB.

       

      Any ill effects, and I can reverse all this of course...

    • StephenB's avatar
      StephenB
      Guru - Experienced User
      Jun 08, 2017
      i-CONICA wrote:

      So I've learned it's the rsyslog service that's default on debian systems since version 5.

       

      The RN104 firmware doesn't include it though, so this must be something you installed.

      • i-CONICA's avatar
        i-CONICA
        Guide
        Jun 09, 2017

        As I'd never heard of it until investigating this, it's not possible.

         

        It may have been installed as part of some plugin/app I've previously had installed though.

         

        I've in the past had several apps installed. I've only got Transmission installed now.

         

        I've cleared out all this rubbish and it's working perfectly. I had a message telling me that the root mount point is 85% full which shouldn't happen. This was the /var/lib/mysql directory mainly. It's now much clearer.

         

        Are you sure no version of the RN104 software has ever had this? As the logs started in 2015... I'll have a look in my dump of the DB and see what the very first records look like.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More