Introduction
When reviewing journald logs for Vault, it is possible that sections are missing and the journal reporting messages have been suppressed for the Vault service.
Cause
An error example journal: Suppressed 30995 messages from /system.slice/vault.service can be caused by the journald rate limiting configuration. It is a default safeguard so that a particular service does not overwhelm a system by excessive logging. The default is 10000 log entries every 30 seconds. Therefore, any amount of log lines produced by the service, during that time period will be suppressed, possibly resulting in missing critical information.
Solution
While rate limiting is a safeguard, it can be disabled by the following:
- Edit the
/etc/systemd/journald.conffile - Set the below parameters:
RateLimitInterval=0RateLimitBurst=0
- Restart the journald process
$ systemctl restartsystemd-journald
Alternatively, those values can be tuned if the output is expected to be verbose. All log messages should be now be logging to the journal without being suppressed.
Additional Information
While this article is focused on journald, other system services may also have rate limiting configured i.e. rsyslog which may also need to be addressed.