Re: Different logging formats, standardization...
Hello!
El sáb, 14-09-2002 a las 19:09, Nick Phillips escribió:
...
> Logcheck is a kludge. Requiring apps to log in a "standard format" to
> help logcheck work would only serve to increase the number of conspirators
> in and general dirtiness of the kludge.
Oh, I missed something in Debian. Is there a better tool for what
logcheck does?
> Filing bugs and LARTing authors who misuse the existing syslog priorities
I agree. Erich points out some very inconsistent logging practices that
have bothered me too. PAM is one example.
If the logcheck database list is starting please let us know, I'd share
happily my filters.
How about including in each package which creates syslog entries the
respective logcheck (or the better tool, Nick) -filters? At least in
/usr/share/doc/<package>/contrib.
Are there guidelines or a Debian Policy about logging? Could we be
better, more consistent, more secure than other unices?
Andrew Pimlot says, that logging on unix sucks, thats right, and
therefore several alternative logging utilities have been developed, but
of course not defeated the "standard".
syslog can loose messages, it is slow and uses "too much" resources.
If you need accounting, you need variable logfiles with (relatively)
precise cutting intervals, thats "standard" in Debian, but if you need
security you need fixed sized logs to prevent filling up the disks.
I'm sure, there can be found relatively best solutions for each
package/situation, and also some kind of interoperability, that allows
the admin to select his/her setup on a fine-graned basis.
Regards,
Jorge-León
Reply to: