Home Ubuntu Customizing or disabling system logging in Ubuntu

Customizing or disabling system logging in Ubuntu

Discover how to adjust log levels, create custom log files, and selectively disable logging using the rsyslog service, ensuring an optimal balance between system performance and effective monitoring.

by Arun Kumar
customizing and disabling system logs in ubuntu

In this blog, we will explore the critical aspects of customizing and disabling system logging in Ubuntu, a topic of great importance for both system administrators and Linux enthusiasts. System logging, managed by the rsyslog service in Ubuntu plays a pivotal role in monitoring, troubleshooting, and securing the system.

We shall delve into how to effectively customize log levels and create custom log files, as well as the steps to disable logging, either partially or entirely. Additionally, we will see the significant impact of system logging on Ubuntu’s performance, highlighting the need for a balanced approach to ensure efficient system operation.

Understanding the basics of system logging in Ubuntu

Before we delve into customization, it’s essential to understand what system logging is. In Ubuntu, like in many Linux distributions, system logging is handled by a service called rsyslog. This service collects and stores log data from various parts of the system, helping you monitor, troubleshoot, and secure your environment.

Why bother with system logging?

From my personal experience, system logging has been a lifesaver more times than I can count. It’s like having a black box in an airplane; when something goes wrong, logs are often the first place I look.

Customizing system logging

Customizing system logging in Ubuntu is done by editing the rsyslog configuration files. These files are typically located in /etc/rsyslog.conf and /etc/rsyslog.d/.

Step-by-step guide to editing log levels

  1. Open the main configuration file: Use a text editor to open /etc/rsyslog.conf. For example, sudo nano /etc/rsyslog.conf.
  2. Modify log levels: Find the line that looks like *.emerg. The asterisk (*) and the word emerg represent the facility and the priority, respectively. You can change these to adjust what gets logged. For instance, changing it to *.info will log informational messages and above.
  3. Save and exit: After making your changes, save the file and exit the editor.
  4. Restart the rsyslog service: Apply the changes by restarting the service with sudo systemctl restart rsyslog.

Sample input and output

sudo nano /etc/rsyslog.conf
# Edit the file as needed
sudo systemctl restart rsyslog

Creating custom log files

You might want to store logs from a specific application in a separate file. Here’s how:

  1. Create a new configuration file in /etc/rsyslog.d/: For example, sudo nano /etc/rsyslog.d/myapp.conf.
  2. Define the log file and criteria: Add a line like :programname, isequal, "myapp" /var/log/myapp.log.
  3. Restart rsyslog.

Sample input and output

sudo nano /etc/rsyslog.d/myapp.conf
# Add custom logging rules
sudo systemctl restart rsyslog

Impact of system logging on Ubuntu performance

When discussing system logging in Ubuntu, it’s crucial to consider its impact on system performance. Logging, while invaluable for monitoring and troubleshooting, can sometimes be a double-edged sword, especially in terms of performance.

How does logging affect performance?

  1. Disk I/O: Logging involves writing data to disk. If your system is generating a large volume of logs, this can lead to increased disk I/O, potentially slowing down other operations that require disk access.
  2. Disk Space: Logs can consume significant disk space over time. This is particularly concerning in systems with limited storage capacity. Full disks not only halt logging but can also disrupt system functions.
  3. CPU Usage: The process of formatting log messages and writing them to disk consumes CPU resources. In systems with high log volumes, this can lead to noticeable CPU usage.
  4. Network Performance: If your logs are being transmitted over a network (for example, to a centralized logging server), this can consume network bandwidth and affect network performance.

Balancing logging and performance

  1. Log Rotation: Implementing log rotation is crucial. This process involves periodically archiving old log files and starting new ones, preventing logs from consuming too much disk space. Tools like logrotate in Ubuntu automate this process.
  2. Adjusting Log Levels: As mentioned earlier, adjusting log levels can reduce the volume of logs generated. For instance, switching from a verbose level like debug to a higher level like error can significantly reduce log volume.
  3. Selective Logging: Be selective about what you log. Logging only what is necessary can reduce the impact on system resources.
  4. External Logging Solutions: Consider using external logging solutions or services, especially for high-volume logging. This can offload the storage and processing burden from your system.

What I found out

In my experience, I’ve seen systems slowed down by unchecked logging. It’s like letting the faucet run — eventually, it can overflow and cause problems. Regularly monitoring and adjusting your logging strategy is key to maintaining a healthy balance between information gathering and system performance.

Disabling system logging on Ubuntu

If you are in for performance all the time and don’t care about system logging, you can consider disabling it entirely. Here’s how to do it.

Disabling specific logs

If you find certain logs unnecessary (like mail logs in a non-mail server), you can disable them.

  1. Find the line related to the log:For instance, to disable mail logs, look for:
    mail.*                                                  -/var/log/maillog
  2. Comment out the line by adding a # at the beginning:
    #mail.*                                                 -/var/log/maillog

    Expected result: No more mail logs will be recorded, freeing up resources.

Disabling rsyslog logs

  1. Edit the configuration file: Open the relevant file in /etc/rsyslog.d/.
  2. Comment out or remove the lines: For the logs you want to disable.
  3. Restart rsyslog.

Completely disabling rsyslog

  1. Stop the service: sudo systemctl stop rsyslog.
  2. Disable the service: sudo systemctl disable rsyslog.

Quick reference guide: Managing system logging in Ubuntu

Here is a table that provides a quick reference for the key tasks and commands associated with customizing and managing system logging in Ubuntu. It’s a handy guide for users to refer to when making adjustments to their system’s logging setup.

Task in System Logging Key Commands/Notes
Open Main Configuration File sudo nano /etc/rsyslog.conf
Modify Log Levels Change the line like *.emerg to desired level (e.g., *.info)
Restart rsyslog Service sudo systemctl restart rsyslog
Create Custom Log File Create a file in /etc/rsyslog.d/, e.g., sudo nano /etc/rsyslog.d/myapp.conf
Define Criteria for Custom Logs Add a line like :programname, isequal, "myapp" /var/log/myapp.log
Disable Specific Logs Comment out or remove lines in /etc/rsyslog.d/ configuration files
Completely Disable rsyslog Stop: sudo systemctl stop rsyslog, Disable: sudo systemctl disable rsyslog
Implement Log Rotation Use logrotate for automating log file rotation
Adjusting for Performance Be selective in logging; consider external logging solutions

Frequently Asked Questions (FAQs) about system logging in Ubuntu

What is rsyslog in Ubuntu?

rsyslog is the default logging daemon in Ubuntu. It’s responsible for receiving log messages from various system processes, formatting them, and then writing them to the appropriate log files.

How can I view log files in Ubuntu?

Log files in Ubuntu are typically stored in /var/log/. You can view them using a text editor or a command like cat, less, or tail. For example, sudo tail -f /var/log/syslog shows real-time updates to the syslog.

Can I log messages from a specific application to its own file?

Yes, you can configure rsyslog to divert logs from a specific application to a separate file by creating a custom configuration file in /etc/rsyslog.d/ and specifying the criteria for logging.

Does disabling logging improve system performance?

Disabling logging can improve performance, especially on systems with limited resources. However, it’s important to balance the need for logs for troubleshooting and monitoring against the performance gains from disabling logging.

How often should I rotate logs?

The frequency of log rotation depends on the volume of logs generated and the available disk space. Ubuntu typically uses logrotate, which is configured to rotate logs weekly, but this can be adjusted based on your needs.

Is it safe to delete old log files?

Yes, it’s generally safe to delete old log files, especially if they have been archived and are no longer needed for active troubleshooting. However, ensure you understand the contents and importance of the logs before deleting them.

How do I change the log level in Ubuntu?

To change the log level, edit the /etc/rsyslog.conf file or the relevant files in /etc/rsyslog.d/. You can specify the desired log level (e.g., info, error, debug) for different services or system components.

Can I send Ubuntu logs to a remote server?

Yes, rsyslog supports sending logs to a remote server. You need to configure the rsyslog client to forward logs to a specified server address and set up the receiving server to accept and store these logs.

What happens if the disk gets full due to logs?

If the disk gets full, Ubuntu may become unstable, and logging will cease. Critical system functions might also be affected. It’s important to monitor disk usage and implement log rotation to prevent disks from filling up.

Can I filter logs in Ubuntu?

Yes, you can filter logs in Ubuntu by configuring rsyslog rules. You can filter logs based on properties like program name, severity level, or any other syslog property.


Throughout our discussion on customizing and disabling system logging in Ubuntu, we’ve seen how these processes can be tailored to suit specific needs and scenarios. From adjusting log levels to managing the impact on system performance, the flexibility of Ubuntu’s logging system allows for a tailored approach that can enhance system efficiency and relevance of logged data.

As a system administrator who has spent countless hours sifting through logs, I’ve come to appreciate the art of fine-tuning logging systems. It’s not just about having data; it’s about having the right data. Happy logging!

You may also like

Leave a Comment



FOSS Linux is a leading resource for Linux enthusiasts and professionals alike. With a focus on providing the best Linux tutorials, open-source apps, news, and reviews written by team of expert authors. FOSS Linux is the go-to source for all things Linux.

Whether you’re a beginner or an experienced user, FOSS Linux has something for everyone.

Follow Us


©2016-2023 FOSS LINUX



“Linux” is the registered trademark by Linus Torvalds in the U.S. and other countries.