syslog.conf is utter crap?
Hi...
Just experimented with fwanalog, which I am packaging right now (it's an
iptables log-file analyzer). Doing this, I also wanted to become better at
checking my logs, so I actually started to look at all the accumulated cruft
I had. Can it really be true, that the default syslog.conf logs for example
the DROPs from iptables in /three/ different places?? (syslog, messages, and
kern.log). Also, all mail-logging is duplicated - mail.log gets it all,
mail.info also gets it all, mail.warn gets warnings&errors, and last but not
least mail.err gets errors (and above, of course).. Redundancy, I hear you
say?
Right now, I'm fiddling with a better setup. Is there some "guideline" I
should adhere to? Is there a Un*x-standard (or POSIX?) about log-files? Or do
I have free hands when choosing log-files, etc.? Also, would my work in
reducing this redundancy-garbage be of any use to others, and which packages
would I break (read: who depends on specific files in /var/log)?
Regards,
Kenneth Vestergaard Schmidt
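
The duplication described in the message above can be checked mechanically. This is an added example, not part of the original post: a small Python evaluator for sysklogd-style selectors that lists every file a given facility.priority message is written to. The sample configuration is constructed for illustration (not the poster's actual file), and it is assumed that iptables LOG messages arrive as kern.warning.

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample in sysklogd syntax; an assumption, not the poster's file.
SAMPLE_CONF = """\
*.*;auth,authpriv.none\t-/var/log/syslog
kern.*\t-/var/log/kern.log
mail.*\t-/var/log/mail.log
mail.info\t-/var/log/mail.info
mail.warn\t-/var/log/mail.warn
mail.err\t/var/log/mail.err
*.=info;*.=notice;*.=warn;\\
\tauth,authpriv.none;\\
\tmail,news.none\t-/var/log/messages
"""

def level_of(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selectors, facility, priority):
    """Apply ';'-separated selectors left to right; later ones can override."""
    logged = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "none":
            logged = False                      # facility.none excludes it
        elif prio == "*":
            logged = not negate
        else:
            have, want = level_of(priority), level_of(prio)
            if (have == want) if exact else (have >= want):
                logged = not negate             # '!' turns a hit into an exclusion
    return logged

def destinations(conf, facility, priority):
    """Return every action (file) that receives a facility.priority message."""
    out = []
    for line in conf.replace("\\\n", "").splitlines():  # join continuations
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selectors, action = line.rsplit(None, 1)
        if selector_matches("".join(selectors.split()), facility, priority):
            out.append(action.lstrip("-"))      # leading '-' only disables sync
    return out
```

Calling `destinations(SAMPLE_CONF, "kern", "warning")` on this sample returns the three files named in the message, and `destinations(SAMPLE_CONF, "mail", "err")` returns five.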