Table des matières

Log et service

Comme vous le savez, le raspberry tourne sur une SDcard, et cette mémoire flash n’aime pas trop les écritures à outrance.

Je vais donc essayer de trouver des solutions pour limiter les logs qui ne sont pas importants.

Les logs

# cd /var/log
# find -mtime -1 -type f -exec ls -l {} \;
-rw-r--r-- 1 root root 86111 juil.  2 21:41 ./samba/log.smbd
-rw-r--r-- 1 root root 1829 juil.  1 21:49 ./samba/log.nmbd
-rw-r----- 1 root adm 1552222 juil.  2 21:17 ./auth.log
-rw-r----- 1 root adm 563699 juil.  2 19:24 ./messages
-rw-r----- 1 root adm 5876077 juil.  2 21:48 ./syslog
-rw-r----- 1 root adm 12252 juil.  2 19:24 ./user.log
-rw-rw-r-- 1 root utmp 2688 juil.  2 07:22 ./wtmp
-rw-r--r-- 1 root root 2408 juil.  2 19:24 ./rsnapshot.log
-rw-r----- 1 root adm 6718716 juil.  2 19:24 ./kern.log
-rw-r----- 1 root adm 1176251 juil.  2 06:25 ./syslog.1
-rw-r--r-- 1 root root 24048 juil.  1 22:05 ./faillog
-rw-rw-r-- 1 root utmp 292584 juil.  2 07:22 ./lastlog
-rw-r--r-- 1 root root 6405 juil.  1 22:12 ./aptitude
-rw-r----- 1 root adm 548236 juil.  2 21:48 ./daemon.log

On va analyser tous les fichiers qui ont été modifié récemment et qui ont une taille élevée.

Samba

Extrait

[2013/07/03 21:13:36.351018,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 21:13:36.352343,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 21:26:37.070193,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 21:26:37.071525,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 21:39:37.829379,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 21:39:37.830682,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 21:52:38.517540,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 21:52:38.518854,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 22:05:39.251127,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 22:05:39.252537,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 22:18:40.010082,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 22:18:40.011400,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 22:31:40.778366,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 22:31:40.779682,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/07/03 22:44:41.517855,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2013/07/03 22:44:41.519169,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

Editez votre fichier de config /etc/samba/smb.conf et passez load_printer = no et ajoutez les lignes qui suivent

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = no
   show add printer wizard = no
   printcap name = /dev/null
   disable spoolss = yes

Relancez samba

service samba restart

auth.log

Extrait :

Jul  4 19:48:59 edmchome sshd[8201]: Failed password for root from 80.84.55.183 port 11919 ssh2
Jul  4 19:48:59 edmchome sshd[8201]: Disconnecting: Too many authentication failures for root [preauth]
Jul  4 19:48:59 edmchome sshd[8201]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:48:59 edmchome sshd[8201]: PAM service(sshd) ignoring max retries; 6 > 3
Jul  4 19:49:01 edmchome sshd[8205]: reverse mapping checking getaddrinfo for 183-55-84-80.rackcentre.redstation.net.uk [80.84.55.183] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  4 19:49:02 edmchome sshd[8205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:03 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:07 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:09 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:11 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:13 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:16 edmchome sshd[8205]: Failed password for root from 80.84.55.183 port 12041 ssh2
Jul  4 19:49:16 edmchome sshd[8205]: Disconnecting: Too many authentication failures for root [preauth]
Jul  4 19:49:16 edmchome sshd[8205]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:16 edmchome sshd[8205]: PAM service(sshd) ignoring max retries; 6 > 3
Jul  4 19:49:18 edmchome sshd[8209]: reverse mapping checking getaddrinfo for 183-55-84-80.rackcentre.redstation.net.uk [80.84.55.183] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  4 19:49:19 edmchome sshd[8209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:20 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:22 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:25 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:28 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:31 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:33 edmchome sshd[8209]: Failed password for root from 80.84.55.183 port 12167 ssh2
Jul  4 19:49:33 edmchome sshd[8209]: Disconnecting: Too many authentication failures for root [preauth]
Jul  4 19:49:33 edmchome sshd[8209]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:33 edmchome sshd[8209]: PAM service(sshd) ignoring max retries; 6 > 3
Jul  4 19:49:35 edmchome sshd[8213]: reverse mapping checking getaddrinfo for 183-55-84-80.rackcentre.redstation.net.uk [80.84.55.183] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  4 19:49:35 edmchome sshd[8213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:37 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:40 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:43 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:45 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:47 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:50 edmchome sshd[8213]: Failed password for root from 80.84.55.183 port 12290 ssh2
Jul  4 19:49:50 edmchome sshd[8213]: Disconnecting: Too many authentication failures for root [preauth]
Jul  4 19:49:50 edmchome sshd[8213]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.84.55.183  user=root
Jul  4 19:49:50 edmchome sshd[8213]: PAM service(sshd) ignoring max retries; 6 > 3

A peine un port ssh ouvert sur la toile que déjà des milliers de tentative de connexions qui génère des logs à n’en plus finir.

On va donc modifier le niveau de verbosité des logs de sshd

LogLevel
Donne le niveau de verbosité utilisé lors de l’enregistrement des messages du démon sshd Les valeurs possibles sont : QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
Par défaut INFO. DEBUG et DEBUG1 sont équivalents. DEBUG2 et DEBUG3 spécifient des niveaux plus élevés de sortie de débogage. L’enregistrement à l’aide d’un niveau DEBUG a tendance à empiéter sur la vie privée des utilisateurs et n’est pas recommandé.
vi /etc/ssh/sshd_config
LogLevel QUIET

service ssh reload

Inconvénient, plus de trace en cas de piratage, assurez vous d’avoir un bon mot de passe.

voir aussi dans /etc/rsyslog.conf

Commenter la ligne suivante pour ne plus rien recevoir dans /var/log/auth.log

#auth,authpriv.*                        /var/log/auth.log

et relancez le service des journaux

service rsyslog restart

Dans auth.log il y a aussi un paquet de ligne venant de cron

Jun 24 20:35:01 edmchome CRON[9024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:35:01 edmchome CRON[9024]: pam_unix(cron:session): session closed for user root
Jun 24 20:36:01 edmchome CRON[9040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:36:01 edmchome CRON[9040]: pam_unix(cron:session): session closed for user root
Jun 24 20:37:01 edmchome CRON[9056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:37:02 edmchome CRON[9056]: pam_unix(cron:session): session closed for user root
Jun 24 20:38:01 edmchome CRON[9072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:38:01 edmchome CRON[9072]: pam_unix(cron:session): session closed for user root
Jun 24 20:39:01 edmchome CRON[9088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:39:01 edmchome CRON[9088]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:01 edmchome CRON[9104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:40:02 edmchome CRON[9104]: pam_unix(cron:session): session closed for user root
Jun 24 20:41:01 edmchome CRON[9120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:41:01 edmchome CRON[9120]: pam_unix(cron:session): session closed for user root
Jun 24 20:42:01 edmchome CRON[9136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:42:02 edmchome CRON[9136]: pam_unix(cron:session): session closed for user root
Jun 24 20:43:01 edmchome CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:43:01 edmchome CRON[9152]: pam_unix(cron:session): session closed for user root
Jun 24 20:44:01 edmchome CRON[9168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:44:01 edmchome CRON[9168]: pam_unix(cron:session): session closed for user root
Jun 24 20:45:01 edmchome CRON[9184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:45:02 edmchome CRON[9184]: pam_unix(cron:session): session closed for user root
Jun 24 20:46:01 edmchome CRON[9200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:46:01 edmchome CRON[9200]: pam_unix(cron:session): session closed for user root
Jun 24 20:47:01 edmchome CRON[9216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:47:02 edmchome CRON[9216]: pam_unix(cron:session): session closed for user root
Jun 24 20:48:01 edmchome CRON[9232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:48:01 edmchome CRON[9232]: pam_unix(cron:session): session closed for user root
Jun 24 20:49:01 edmchome CRON[9248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:49:01 edmchome CRON[9248]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:01 edmchome CRON[9264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:50:02 edmchome CRON[9264]: pam_unix(cron:session): session closed for user root
Jun 24 20:51:01 edmchome CRON[9280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:51:01 edmchome CRON[9280]: pam_unix(cron:session): session closed for user root
Jun 24 20:52:01 edmchome CRON[9296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:52:02 edmchome CRON[9296]: pam_unix(cron:session): session closed for user root
Jun 24 20:53:01 edmchome CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:53:01 edmchome CRON[9312]: pam_unix(cron:session): session closed for user root
Jun 24 20:54:01 edmchome CRON[9328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:54:01 edmchome CRON[9328]: pam_unix(cron:session): session closed for user root
Jun 24 20:55:01 edmchome CRON[9344]: pam_unix(cron:session): session opened for user root by (uid=0)

1ère méthode trouvé sur le net mais qui ne marche pas pour moi

Pour éviter ça, modifiez /etc/pam.d/common-session-noninteractive

vi /etc/pam.d/common-session-noninteractive

après la ligne

session required pam_unix.so

ajoutez

session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

Redémarrez le service crond

service cron restart

2ème méthode qui marche pour moi :)

Configurer le rsyslog pour exclure ce type d’entrée dans les logs. Editez le fichier /etc/rsyslog.conf

vi /etc/rsyslog.conf

Modifiez la ligne

auth,authpriv.*                 /var/log/auth.log

par

:msg, contains, "pam_unix(cron:session)" ~
auth,authpriv.*                 /var/log/auth.log

et redémarrez le service des journaux

service rsyslog restart

messages

syslog

Extrait:

Jul  4 06:26:19 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:26:31 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:26:43 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:26:59 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:27:18 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:27:33 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:27:49 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:28:05 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:28:15 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:28:34 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:28:46 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:28:57 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:29:11 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:29:21 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:29:31 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:29:50 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:00 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:10 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:25 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:32 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:46 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:30:56 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:31:11 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:31:20 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:31:31 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:31:45 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:31:55 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:32:09 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:32:18 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:32:26 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:32:35 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:32:55 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:33:11 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:33:30 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:33:44 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:33:54 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:34:08 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:34:20 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:34:30 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67
Jul  4 06:34:39 edmchome dhclient: DHCPREQUEST on eth0 to 192.168.0.254 port 67

Rien trouvé de concret sur le net à part configurer son réseau en ip static ce dont je n’ai pas envie de faire.

Ma solution un peu brut mais qui marche est de faire un

killall dhclient

Extrait

Jul  5 09:17:01 edmchome /USR/SBIN/CRON[9951]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 10:17:01 edmchome /USR/SBIN/CRON[9996]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 11:17:01 edmchome /USR/SBIN/CRON[10117]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 12:17:01 edmchome /USR/SBIN/CRON[10163]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 13:17:01 edmchome /USR/SBIN/CRON[10592]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 14:17:01 edmchome /USR/SBIN/CRON[13626]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 15:17:01 edmchome /USR/SBIN/CRON[16127]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 16:17:01 edmchome /USR/SBIN/CRON[16790]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 17:17:01 edmchome /USR/SBIN/CRON[16832]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 18:17:01 edmchome /USR/SBIN/CRON[16876]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 19:17:01 edmchome /USR/SBIN/CRON[16920]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 20:17:01 edmchome /USR/SBIN/CRON[16961]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)
Jul  5 21:17:01 edmchome /USR/SBIN/CRON[17163]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly > /dev/null)

Editer le fichier /etc/default/cron puis dé-commentez la dernière ligne en spécifiant

EXTRA_OPTS='-L 4'

Ce qui permet de logguer tout de même les erreurs, sinon remplacez 4 par 0

Un petit redémarrage du service au cas ou

service cron restart

user.log

wtmp

rsnapshot.log

kern.log

Extrait :

Jul  3 00:49:15 edmchome kernel: [219188.969066] net_ratelimit: 2423 callbacks suppressed
Jul  3 00:49:15 edmchome kernel: [219188.969107] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.969815] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.969866] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.969968] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970058] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970093] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970121] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970146] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970188] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:15 edmchome kernel: [219188.970215] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.272645] net_ratelimit: 3043 callbacks suppressed
Jul  3 00:49:22 edmchome kernel: [219196.272699] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.273692] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.273777] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.273889] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.273941] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.273967] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.274021] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.274191] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.274233] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:49:22 edmchome kernel: [219196.274259] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219244] net_ratelimit: 3633 callbacks suppressed
Jul  3 00:51:44 edmchome kernel: [219338.219286] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219383] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219516] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219554] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219598] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219664] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219705] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219732] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219754] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
Jul  3 00:51:44 edmchome kernel: [219338.219830] smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped

Solution trouvé : http://wood1978.dyndns.org/~wood/wordpress/2013/04/03/fix-smsc95xx-1-1-11-0-eth0-kevent-2-may-have-been-dropped-on-raspberry-pi-with-arch-linux

Ajouter smsc95xx.turbo_mode=N dans le fichier /boot/cmdline.txt

smsc95xx.turbo_mode=N dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=noop rootdelay=24

Modifier ou ajoutez les valeurs suivantes dans le fichier /etc/sysctl.conf

#vm.vfs_cache_pressure = 100
vm.vfs_cache_pressure = 300
#vm.min_free_kbytes=8192
vm.min_free_kbytes=32768

Mettez à jour sysctl

sysctl -p

lastlog

daemon.log

Les services

console-kit-daemon

Le paquet ConsoleKit est un environnement pour garder une trace des différents utilisateurs, des sessions, et des places présents sur un système. Il offre aux logiciels un mécanisme pour réagir aux modifications de ces éléments ou d’une des métadonnées qui y est associée.

polkitd

triggerhappy

dbus-daemon

Stopper tous les logs

Solution radicale pour éviter l’écriture des logs

sudo systemctl stop rsyslog
sudo systemctl disable rsyslog

ou

Edit the file /etc/rsyslog.conf and just after the section starting

###############
#### RULES ####
###############

add the following line.

If you want to be more fine-grained you will need to read the file comments.

Do not forget to restart rsyslog daemon:

sudo service rsyslog restart