In Citrix Hypervisor, the log partition can sometimes fill up with excessive logs. This article lists some ways to configure logging to decrease the volume of logs.

Note: Filtering out and decreasing log entries can avoid the log partition filling up. However, it can also filter out log messages that might be useful in debugging. Ensure that you also take steps to discover the root causes of unusually large amounts of logging.

You can also tune log rotation to ensure that your logs are archived on an appropriate schedule. For more information, see XenServer Syslog Rotation and Tuning.

Before trying the fixes listed in this article, ensure that you install hotfix XS82E031 (https://support.citrix.com/article/CTX327907) on your Citrix Hypervisor servers.
 

When /var/log/secure.log is filling up rapidly

Sometimes, the secure logs on pool members (and not the pool master) can fill up with stunnel-related log entries.

To filter out these logs:

1. In the file /etc/rsyslog.d/xenserver.conf, before the line `authpriv.*  ~/var/log/secure`, add the following lines:
   • :msg, contains, "LOG6" ~
   • :msg, contains, "LOG7" ~
2. Verify that the file /etc/stunnel/xapi.conf contains the following line:
   • debug = authpriv.5
3. If you update /etc/stunnel/xapi.conf to add or change the line, ensure that you restart stunnel with the following command:
   • systemctl restart stunnel@xapi

Note: The file /etc/stunnel/xapi.conf is generated every time xapi restarts or the Citrix Hypervisor server restarts. Your changes to this file will be removed as part of the restart.

When /var/log/daemon.log is filling up rapidly

Sometimes, a single Windows VM can begin to fill up daemon.log after the VM is rebooted.

You can turn down the logging that this VM sends to the daemon.log:

1. Determine which VM is creating all the log entries by looking for the value "qemu-dm-UUU" in the log entries. UUU is the domain number of the VM.
2. On the Windows VM, create the following registry entry:

Key: "HKLM\System\CurrentControlSet\Services\Xen\Parameters"
Name: "QemuLogLevel"
Type: REG_MULTI_SZ
Value: "WARNING", "ERROR", "CRITICAL" 

1.  Reboot the VM.

Note: The value of the QemuLogLevel registry entry can be 0 or more of ("TRACE", "INFO", "WARNING", "ERROR", "CRITICAL"). The default set is ("INFO", "WARNING", "ERROR", "CRITICAL"). The set ("WARNING", "ERROR", "CRITICAL") is a reduced set that decreases the amount of logging a VM sends to daemon.log.