RFC: (m)syslog default config
Hi all
Today at 1:45 am I suddenly felt the urge to look a bit into
the default msyslog.conf. My idea was to reduce redundant
logging but still have some sorting by severity
(syslog,messages) and facility (even though hardly any sysadmin
I asked about this uses other than *.* logfiles). Such a setup
can be done with sysklogd and syslog-ng too, thus this thread is
not limited to msyslog.
If any packages make assumptions about the configuration of
system logging, this is a good occasion to fix them ...
[I use ; as prefix for comments that are not part of the config]
# /etc/msyslog.conf Configuration file for syslogd.
# Modified for msyslog by Arthur Korn.
#
# For more information see msyslog.conf(5)
# manpage.
#
# Do not use other modules than %classic before you understand
# how they work. BEWARE OF ROTATING PEOED LOGS WITH LOGROTATE
# (more in /usr/share/doc/msyslog/README.Debian)
#
# Msyslog uses a slightly different syntax than old
# syslogd. See below and in
# /usr/share/doc/msyslog/examples for examples (NB: don't
# use '\' to continue lines and make sure you always use
# a tab (not a space) as field separator).
#
# If you add new logfiles they will be rotated
# automatically, see update-syslogrotate(8) for more on
# this. Update-syslogrotate is invoked in
# /etc/init.d/msyslog.
#
# First some standard logfiles.
#
*.*;auth,authpriv.none %classic /var/log/syslog
*.warn;mark.*;auth,authpriv.none %classic /var/log/messages
; Don't log auth stuff to these files, since they sometimes
; contain passwords (Is auth password-free?). Have marks in
; all logfiles. I don't do redundant facility specifications
; as sysklogd does, since IMO they are more confusing than
; useful.
#
# Log by facility.
#
; This is just one logfile per facility (with the exception of
; auth and authpriv). I commented out those facilities which
; have activity on just about every system even though I
; rarely need them separate (i.e. they are in syslog and messages
; anyway).
auth,authpriv.* %classic /var/log/auth.log
; auth.log is the only place where auth stuff is logged.
#cron.* %classic /var/log/cron.log
#daemon.* %classic /var/log/daemon.log
ftp.* %classic /var/log/ftp.log
#kern.* %classic /var/log/kern.log
#lpr.* %classic /var/log/lpr.log
#mail.* %classic /var/log/mail.log
news.* %classic /var/log/news.log
#syslog.* %classic /var/log/syslog.log
#user.* %classic /var/log/user.log
uucp.* %classic /var/log/uucp.log
; I commented those out, since I consider them to be a waste of
; space on anything but mailservers. Remember, this is just a
; default.
#
# Logging for the mail system.
#
#mail.info %classic /var/log/mail.info
#mail.warn %classic /var/log/mail.warn
#mail.err %classic /var/log/mail.err
; Since there are no messages to the news facility if one
; hasn't installed some news daemon this will just produce empty
; logfiles.
# Logging for INN news system
#
news.crit %classic /var/log/news/news.crit
news.err %classic /var/log/news/news.err
news.notice %classic /var/log/news/news.notice
#
# Emergencies are sent to everybody logged in.
#
*.emerg %classic *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#*.*;auth,authpriv.none %classic /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
*.warn %classic |/dev/xconsole
#
# For central logging (transport UDP, see om_pgsql(8),
# om_mysql(8), om_tcp(8) for other kinds of remote logging).
# See im_udp(8) for how to set up the server.
#
# *.* %classic @loghost
#EOF
ciao, 2ri
--
if (argc > 1 && strcmp(argv[1], "-advice") == 0) {
printf("Don't Panic!\n"); exit(42);
}
(Arnold Robbins in the LJ of February '95, describing RCS)
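
As an added example (not part of the original post or of msyslog), this Python code evaluates which active rules of a syslog.conf-style file receive a given facility.priority, so a statement such as "auth.log is the only place where auth stuff is logged" can be checked against the file itself. It assumes BSD-style selector semantics (a priority matches that level and higher, `none` excludes, the last matching part of a line wins) and ignores the `=`/`!` modifiers; the function names and the embedded sample are constructed here.

```python
# Added example: which rules in a syslog.conf-style file receive a given
# facility.priority? Assumes BSD-style selectors: a priority means "this
# level or higher", "none" excludes, the last matching part of a line wins.
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]
ALIASES = {"warning": "warn", "error": "err", "panic": "emerg"}

# Constructed sample: rules taken from the config above, tab-separated.
SAMPLE = """\
*.*;auth,authpriv.none\t%classic /var/log/syslog
*.warn;mark.*;auth,authpriv.none\t%classic /var/log/messages
auth,authpriv.*\t%classic /var/log/auth.log
#kern.*\t%classic /var/log/kern.log
*.emerg\t%classic *
*.warn\t%classic |/dev/xconsole
"""

def parse(text):
    """Yield (selector, action) per active rule; '#' and ';' lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        selector, _, action = line.partition("\t")
        yield selector, action.strip()

def matches(selector, facility, priority):
    """Evaluate the ';'-separated parts left to right; the last match decides."""
    level = PRIORITIES.index(ALIASES.get(priority, priority))
    hit = False
    for part in selector.split(";"):
        facs, _, prio = part.rpartition(".")
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue  # this part says nothing about our facility
        prio = ALIASES.get(prio, prio)
        if prio == "none":
            hit = False
        else:
            hit = prio == "*" or level >= PRIORITIES.index(prio)
    return hit

def destinations(text, facility, priority):
    """Return the actions of every rule that would receive the message."""
    return [a for s, a in parse(text) if matches(s, facility, priority)]

if __name__ == "__main__":
    for fac, prio in [("auth", "info"), ("auth", "warn"), ("authpriv", "emerg")]:
        print(f"{fac}.{prio} ->", destinations(SAMPLE, fac, prio))
```

With the sample rules, auth.warn reaches both /var/log/auth.log and |/dev/xconsole, and authpriv.emerg also reaches the `*` (all users) rule, because those two rules carry no `auth,authpriv.none` exclusion.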