Re: syslog.conf is utter crap?
On Wed, Apr 11, 2001 at 12:49:58AM +0200, Kenneth Vestergaard Schmidt wrote:
> Hi...
>
> Just experimented with fwanalog, which I am packaging right now (it's an
> iptables log-file analyzer). Doing this, I also wanted to become better at
> checking my logs, so I actually started to look at all the accumulated cruft
> I had. Can it really be true, that the default syslog.conf logs for example
> the DROPs from iptables in /three/ different places?? (syslog, messages, and
> kern.log). Also, all mail-logging is duplicated - mail.log gets it all,
> mail.info also gets it all, mail.warn gets warnings&errors, and last but not
> least mail.err gets errors (and above, of course).. Redundancy, I hear you
> say?

I agree. I finally realized that my logs were so huge because Debian's
default syslog.conf puts duplicate messages in so many places.

Here's my syslog.conf...

# First some standard logfiles. Log by facility.
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv,mail.none     -/var/log/syslog
#cron.*                         -/var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
rpc.*                           -/var/log/nfs.log
*.emerg;*.crit;*.alert          /var/log/crit.log

# Some `catch-all' logfiles.
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug

# Emergencies are sent to everybody logged in.
*.emerg                         *
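
An added example, not part of either poster's message: a small Python evaluator for sysklogd-style selectors that lists every destination a given facility.priority message reaches, which makes duplicate logging visible before the config is deployed. The function names are hypothetical, the embedded rules are a subset of the config in the reply above, and treating an iptables LOG line as kern.warning is an assumption.

```python
import re

PRIOS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample: a subset of the rules posted in the reply above.
CONF = r"""
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv,mail.none     -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.*                          -/var/log/mail.log
*.emerg;*.crit;*.alert          /var/log/crit.log
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.emerg                         *
"""

def parse(conf):
    """Yield (selector, action) per rule, joining backslash continuations."""
    for line in re.sub(r"\\\n\s*", "", conf).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, action = line.split(None, 1)
            yield selector, action.lstrip("-")  # leading '-' only disables sync

def matches(selector, facility, priority):
    """Evaluate one selector; later ';' parts override earlier ones."""
    level = PRIOS.index(priority)
    hit = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue  # this part does not name our facility
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "none":
            hit = False  # explicit exclusion of the facility
        elif prio == "*":
            hit = not negate
        else:
            want = PRIOS.index(prio)
            ok = level == want if exact else level >= want
            hit = (hit and not ok) if negate else (hit or ok)
    return hit

def destinations(conf, facility, priority):
    """List every action that would receive a facility.priority message."""
    return [a for s, a in parse(conf) if matches(s, facility, priority)]
```

Calling destinations(CONF, "kern", "warning") returns both /var/log/syslog and /var/log/kern.log, so kernel messages are still written twice under these rules, while mail and auth messages land in one file each.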