
Re: syslog.conf is utter crap?



On Wed, Apr 11, 2001 at 12:49:58AM +0200, Kenneth Vestergaard Schmidt wrote:
> Hi...
> 
> Just experimented with fwanalog, which I am packaging right now (it's an 
> iptables log-file analyzer). Doing this, I also wanted to become better at 
> checking my logs, so I actually started to look at all the accumulated cruft 
> I had. Can it really be true, that the default syslog.conf logs for example 
> the DROP's from iptables in /three/ different places?? (syslog, messages, and 
> kern.log). Also, all mail-logging is duplicated - mail.log gets it all, 
> mail.info also gets it all, mail.warn gets warnings&errors, and last but not 
> least mail.err gets errors (and above, of course).. Redundancy, I hear you 
> say?

I agree. I finally realized that my logs were so huge because Debian's
default syslog.conf puts duplicate messages in so many places.

Here's my syslog.conf...

# First some standard logfiles.  Log by facility.
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv,mail.none	-/var/log/syslog
#cron.*				-/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log
rpc.*				-/var/log/nfs.log
*.emerg;*.crit;*.alert		/var/log/crit.log

# Some `catch-all' logfiles.
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-/var/log/debug

# Emergencies are sent to everybody logged in.
*.emerg				*
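
An added example, not part of the original message: a small Python evaluator for sysklogd-style selectors, run over the syslog.conf posted above, that lists every destination a given facility.priority message reaches. The function names are hypothetical, and it assumes sysklogd's left-to-right selector semantics (`none`, `=`, `!`, and "this priority and above").

```python
import re

PRI = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# The syslog.conf from the message above (comments dropped, tabs as spaces).
CONF = r"""
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv,mail.none     -/var/log/syslog
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
rpc.*                           -/var/log/nfs.log
*.emerg;*.crit;*.alert          /var/log/crit.log
*.=debug;\
    auth,authpriv.none;\
    news.none;mail.none         -/var/log/debug
*.emerg                         *
"""

def parse(conf):
    """Return [(selector_field, action)], joining backslash continuations."""
    rules = []
    for line in re.sub(r"\\\n\s*", "", conf).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            sel, action = line.split(None, 1)
            rules.append((sel, action.lstrip("-")))  # '-' only disables sync
    return rules

def matches(selector_field, fac, pri):
    """Apply each ';'-separated selector in order; later ones override."""
    hit, rank = False, PRI.index(pri)  # rank 0 = emerg (most severe)
    for sel in selector_field.split(";"):
        facs, level = sel.rsplit(".", 1)
        if facs != "*" and fac not in facs.split(","):
            continue
        negate, exact, want = level.startswith("!"), "=" in level[:2], level.lstrip("!=")
        if want == "none":
            hit = False
        elif want == "*" or (rank == PRI.index(want) if exact else rank <= PRI.index(want)):
            hit = not negate
    return hit

def destinations(conf, fac, pri):
    """Every action that a message with this facility and priority reaches."""
    return [action for sel, action in parse(conf) if matches(sel, fac, pri)]
```

Calling `destinations(CONF, "kern", "warning")` returns both `/var/log/syslog` and `/var/log/kern.log`, while `destinations(CONF, "mail", "info")` returns only `/var/log/mail.log`.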


