Re: Followup: Syslog
On Sat, Apr 14, 2001 at 12:08:50AM +0200, Kenneth Vestergaard Schmidt wrote:
> After reading through the features which people would like to see, it seems
> to me that there is really need for something else besides sysklogd. What I
> really want to know is, why is syslog-ng and/or msyslog not more widely used?
> What do they lack? Compatibility and security are the only points I can see
> where they might not qualify as a total replacement.
I think they are not more widely used because they do not make
understanding and managing logged information easier. For most
users, this is probably the only thing that would make them change.
Unfortunately, I think this would be very challenging. First, you
are constrained by the syslog API. For example, one of the items on
your list was "user-defined facilities". This cannot be done in any
meaningful way without changing the API. In my opinion, you'd like
even more metadata on logged messages: Is this about
authentication, authorization, network problems, data corruption, a
subsystem failure? To what session, connection, or user does it
apply? It is difficult today to follow the strand of related
messages. Additional metadata could help. But this requires a
whole new API.
Second, applications need to cooperate. Many programs don't even
document what facility they use, much less let you change it. To
really make use of their logs, you want to know what they do and (as
importantly) don't log; the exact format of messages (for automatic
analysis); and where to get more details about a message. But this
is a lot of work for a lot of applications, and logging tends to be
a low priority item.
I think we're going to be stuck with hard to understand logs for a
long time.
Andrew
Reply to: