0

I am wondering are there any drawback (performance wise) when output from some software is not logged to a file, but instead to console?

Specific case would be running Docker containers, as some of processes are intentionaly configured to log on stdout.

With files, only problem that can cross my mind is space used by logs, and some IO depending how aggressive logging is.

To give an example, let say I have a webserver app in Docker container that logs access logs to stdout(console), and let's imagine that container stays running for 1y constantly, would that kind of large buffer stay in memory (kernel one?) , for all the time, or kernel would eventually wipe it after some limit?

Should I be potentially affraid of some memory exhaustion in this case and kernel panics, or I misunderstand concept?

( i understand that when app|container|node is down, console is flushed, same as when dmesg is cleared )

Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
fugitive
  • 1,563

1 Answers1

0

It is a bad idea.

Logging to the system console is a special case of directing log output to any real terminal or kernel virtual terminal device. There is no ever-growing kernel buffer. What scrolls off the top of the terminal display is lost.

This is, however, a bad idea for logging a WWW server.

Learn the lesson from "Bash displaying gibberish after specific incoming request" and do not provide attackers with the means to write arbitrary stuff to your terminals, especially to your system console.

And do not assume that security is unneeded on a LAN. Always secure servers that accept stuff over any network.

Have your process's standard error and standard output connected to a pipe, the other end of which is one of the tools mentioned at https://unix.stackexchange.com/a/505854/5132 :

./thing-to-be-logged 2>&1 | cyclog logs/

These tools guarantee that the files in logs/ consume no more than a specified amount of disc space, and do log rotation automatically and at the correct points. Viewing the logs even with something as simple as less ensures that attacker-supplied data are sanitized (to an extent) rather than just spat out to a terminal device as-is. (Do not use the -R option to less, of course.)

Further reading

  • Jonathan de Boyne Pollard (2018). "linux-console". Devices. nosh toolset.
  • Jonathan de Boyne Pollard (2016). "Logging". nosh Guide. Softwares.
  • Jonathan de Boyne Pollard (2015). "Logging". The daemontools family. Frequently Given Answers.
JdeBP
  • 68,745