teun.nijssen
Posts: 2
Joined: Thu Aug 01, 2019 9:50 am

Buster on Pi 4 rngd logging

Thu Aug 01, 2019 10:01 am

rngd is rather noisy in buster Pi4 syslog

Aug 1 11:20:32 pinfs rngd[415]: stats: bits received from HRNG source: 80064
Aug 1 11:20:32 pinfs rngd[415]: stats: bits sent to kernel pool: 34848
Aug 1 11:20:32 pinfs rngd[415]: stats: entropy added to kernel pool: 34848
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2 successes: 4
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2 failures: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2(2001-10-10) Monobit: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2(2001-10-10) Poker: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2(2001-10-10) Runs: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2(2001-10-10) Long run: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS 140-2(2001-10-10) Continuous run: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: HRNG source speed: (min=393.387; avg=482.801; max=536.986)Kibits/s
Aug 1 11:20:32 pinfs rngd[415]: stats: FIPS tests speed: (min=9.135; avg=11.450; max=12.573)Mibits/s
Aug 1 11:20:32 pinfs rngd[415]: stats: Lowest ready-buffers level: 2
Aug 1 11:20:32 pinfs rngd[415]: stats: Entropy starvations: 0
Aug 1 11:20:32 pinfs rngd[415]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us

How do I configure it for warnings/errors only?

epoch1970
Posts: 4492
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 2:30 pm

I don't think you can according to the man page.
If I am correct, you'd need to do that by configuring the system logging service.
I'm afraid it is called journalctl on Raspbian. The thing logs everything and only offers you to filter on output, AFAIK.
I do not know what generates the "legacy" /var/log/syslog file on Raspbian, I suppose you'd want to tweak the config of that service.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

bls
Posts: 452
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 3:03 pm

This service generates regular and (from my perspective) not very useful log spew. Some user-adjustable spew control would be super-awesome.

trejan
Posts: 1217
Joined: Tue Jul 02, 2019 2:28 pm

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 3:06 pm

You can't. rngd will always dump its internal stats every hour. If it really bothers you then you can filter it out of the logs by adding rules for rsyslog in /etc/rsyslog.d

bls
Posts: 452
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 3:24 pm

trejan wrote:
Thu Aug 01, 2019 3:06 pm
You can't. rngd will always dump its internal stats every hour. If it really bothers you then you can filter it out of the logs by adding rules for rsyslog in /etc/rsyslog.d
That's great if you're using rsyslog, but even in that case, I believe all the spew still ends up in the systemd journal (viewable via journalctl), doesn't it? And yes, I know that rngd dumps its internal stats every hour. I'm suggesting that a knob to control how often it dumps, or even IF it dumps at all, would be a super-nice addition, and similar to that provided by many other services.

trejan
Posts: 1217
Joined: Tue Jul 02, 2019 2:28 pm

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 4:03 pm

bls wrote:
Thu Aug 01, 2019 3:24 pm
That's great if you're using rsyslog, but even in that case, I believe all the spew still ends up in the systemd journal (viewable via journalctl), doesn't it?
Yes. journalctl reads a file in /run/log/journal
bls wrote:
Thu Aug 01, 2019 3:24 pm
And yes, I know that rngd dumps its internal stats every hour. I'm suggesting that a knob to control how often it dumps, or even IF it dumps at all, would be a super-nice addition, and similar to that provided by many other services.
I was replying to the original post and not your post about adding a control knob. Raspbian is just compiling the upstream Debian maintained version as they've not changed anything. You'll have to talk to the Debian package maintainer for this feature request but the last change was back in 2011.

There appears to be a newer maintained version based off the same code at https://github.com/nhorman/rng-tools It has had a lot more changes made to it and doesn't have the hourly stat dump.

It would be nice to be able to turn it off or change the frequency but I doubt we'll get that option. Just try to ignore it...

bls
Posts: 452
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 5:28 pm

trejan wrote:
Thu Aug 01, 2019 4:03 pm
I was replying to the original post and not your post about adding a control knob. Raspbian is just compiling the upstream Debian maintained version as they've not changed anything. You'll have to talk to the Debian package maintainer for this feature request but the last change was back in 2011.

There appears to be a newer maintained version based off the same code at https://github.com/nhorman/rng-tools It has had a lot more changes made to it and doesn't have the hourly stat dump.

It would be nice to be able to turn it off or change the frequency but I doubt we'll get that option. Just try to ignore it...
Oopsie. too much coffee this morning for me :o. Do you happen to know what rng-tools does/what the effect would be if it were just disabled?

trejan
Posts: 1217
Joined: Tue Jul 02, 2019 2:28 pm

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 5:42 pm

bls wrote:
Thu Aug 01, 2019 5:28 pm
Oopsie. too much coffee this morning for me :o.
Easy to make a mistake and I've certainly done it many times :(
bls wrote:
Thu Aug 01, 2019 5:28 pm
Do you happen to know what rng-tools does/what the effect would be if it were just disabled?
It does two things. It tests the output of the hardware RNG to ensure it is working properly and it also feeds data into the entropy pool of the kernel from the hardware RNG. If you don't have it then the Linux kernel will still use the hardware RNG but it mixes it with its own internal slow to generate source entropy which is device activity. Your system will boot without rng-tools but if anything wants a lot of bits from /dev/random then it may block for a very long time as the pool slowly fills.

Those hourly stat dumps in the Debian version are the results of those tests.

Andyroo

Re: Buster on Pi 4 rngd logging

Thu Aug 01, 2019 6:59 pm

These tools where introduced to Raspbian Stretch back in April this year to address an issue on headless Pi boards or VNC not seeming to be starting correctly or with a very long delay.

Some of this is discussed in this thread amongst others https://www.raspberrypi.org/forums/view ... 8&t=240139

If this bothers the OP that much you could remove it and

Code: Select all

sudo apt-get install haveged
as a different generator. Do not try without though - the Pi has a hardware random generator built in BUT the kernel does not use it without extra software.

bls
Posts: 452
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: Buster on Pi 4 rngd logging

Fri Aug 02, 2019 3:29 am

Andyroo wrote:
Thu Aug 01, 2019 6:59 pm
These tools where introduced to Raspbian Stretch back in April this year to address an issue on headless Pi boards or VNC not seeming to be starting correctly or with a very long delay.

Some of this is discussed in this thread amongst others https://www.raspberrypi.org/forums/view ... 8&t=240139

If this bothers the OP that much you could remove it and

Code: Select all

sudo apt-get install haveged
as a different generator. Do not try without though - the Pi has a hardware random generator built in BUT the kernel does not use it without extra software.
Thanks for the background, Andyroo!

teun.nijssen
Posts: 2
Joined: Thu Aug 01, 2019 9:50 am

Re: Buster on Pi 4 rngd logging

Fri Aug 02, 2019 4:05 pm

Thanks all; you confirmed what I already supposed.
And perhaps noisyness should be expected from an rng ;)

Gooseman
Posts: 17
Joined: Mon Apr 16, 2012 5:08 pm

Re: Buster on Pi 4 rngd logging

Wed Oct 09, 2019 1:17 pm

I may have solution for the rngd logs.. we can have rsyslog have them write in a dedicated log file (say /var/log/rnd.log):

generate a /etc/rsyslog.d/rng.conf

Code: Select all

# redirect rngd output on Raspberry Pi Buster
# distribution into /var/log/rng.log to
# avoid cluttering /var/log/syslog

# redirect all messages coming from rng
:programname,startswith,"rng" /var/log/rng.log

# and discard them for the following rsyslog
# actions
:programname,startswith,"rng" stop
followed by restarting the rsyslog service:

Code: Select all

 sudo systemctl restart rsyslog.service
seems to work for me...

dgerman
Posts: 12
Joined: Sat May 04, 2013 7:27 pm

Re: Buster on Pi 4 rngd logging

Fri Dec 06, 2019 12:20 am

It seems to me that suppressing the "performance" statics is very nice (should be logged as debug level), but entries like
Lowest ready-buffers level: 0
block failed FIPS test: 0x04
Entropy starvations: 86
Should be logged at warning level, after all that's what syslog levels are for.

Gooseman: any chance you could enhance your syslog conf to effect that?

By the way, the reason I'm here is trying to find out what the best action I should take (if any) to correct the issue of starvation. (Should I start a new topic?)

Gooseman
Posts: 17
Joined: Mon Apr 16, 2012 5:08 pm

Re: Buster on Pi 4 rngd logging

Fri Dec 06, 2019 8:58 am

Could you post the full log entry line (minus any personal info)? I guess we could tweak the rsyslog filter but we would need to know exactly what to filter for.

Return to “Raspbian”