
syslog.conf is utter crap?


Just experimented with fwanalog, which I am packaging right now (it's an 
iptables log-file analyzer). Doing this, I also wanted to become better at 
checking my logs, so I actually started to look at all the accumulated cruft 
I had. Can it really be true that the default syslog.conf logs, for example,
the DROPs from iptables in /three/ different places?? (syslog, messages, and
kern.log). Also, all mail-logging is duplicated - mail.log gets it all,
mail.info also gets it all, mail.warn gets warnings & errors, and last but not
least mail.err gets errors (and above, of course).. Redundancy, I hear you 

Right now, I'm fiddling with a better setup. Is there some "guideline" I 
should adhere to? Is there a Un*x-standard (or POSIX?) about log-files? Or do
I have free hands when choosing log-files, etc.? Also, would my work in
reducing this redundancy-garbage be of any use to others, and which packages
would I break (read: who depends on specific files in /var/log)?

Kenneth Vestergaard Schmidt
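
An added example, not part of the original message: a small evaluator for sysklogd-style selectors that reports every file a given facility.severity message would be written to, which makes the duplication described above measurable before a syslog.conf is rewritten. The sample configuration is constructed to mirror the files named in the post, and the assumption that iptables drops arrive as kern.warning is the editor's, not the poster's.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample modelled on the duplication the post describes.
SAMPLE_CONF = """\
*.*;auth,authpriv.none      -/var/log/syslog
kern.*                      -/var/log/kern.log
mail.*                      -/var/log/mail.log
mail.info                   -/var/log/mail.info
mail.warn                   -/var/log/mail.warn
mail.err                    /var/log/mail.err
*.=info;*.=notice;*.=warn;auth,authpriv.none;mail,news.none  -/var/log/messages
"""

def accepted_severities(selectors, facility):
    """Severity indexes one rule accepts for `facility` (sysklogd-style selectors)."""
    accepted = set()
    for selector in selectors.split(";"):
        facilities, _, prio = selector.strip().rpartition(".")
        if not {facility, "*"} & set(facilities.split(",")):
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "none":                      # "none" resets what came before
            accepted = set(range(8)) if negate else set()
            continue
        if prio == "*":
            chosen = set(range(8))
        else:
            idx = SEVERITIES.index(ALIASES.get(prio, prio))
            chosen = {idx} if exact else set(range(idx + 1))  # "and above"
        accepted = accepted - chosen if negate else accepted | chosen
    return accepted

def destinations(conf_text, facility, severity):
    """Log files that would receive a facility.severity message."""
    sev = SEVERITIES.index(ALIASES.get(severity, severity))
    hits = []
    for line in conf_text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.rsplit(None, 1)
        if sev in accepted_severities(selectors, facility):
            hits.append(action.lstrip("-"))     # leading "-" only disables sync
    return hits

if __name__ == "__main__":
    for fac, sev in [("kern", "warning"), ("mail", "err"), ("mail", "info")]:
        print(f"{fac}.{sev}: {destinations(SAMPLE_CONF, fac, sev)}")
```

Running the same function over a proposed replacement config shows whether any facility.severity pair that matters for review ends up with no destination at all.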
