
Logging practices (and why does it suck in Debian?)


The last couple of days I've been toying around with my logs, getting them
straightened up and such, and one thing struck me: logging in Debian is far
from efficient, let alone ideal.

My first grievance was that my mail-logs quickly filled up with duplicate
information. Also, some of my other log-files seemed to contain a lot of 
duplicate entries. So, I started reading the syslog.conf manpage, and 
actually got a little insight into the workings of syslog :)

So, what I want to do now is totally overhaul syslog.conf, so I have more 
specific logging, with little or no duplicate entries (unless this is wanted, 
of course). I'm fed up with going through logs containing a lot of 
information I read earlier on. Also, I have set up fwanalog to analyze my 
firewall's activities, and I see no reason why these messages appear in both 
syslog, kern.log and messages, when there's no reason that I ever look at 
them (since they're analyzed and reported to me later).

Before I start this, however, I would really like to know if this is just 
going to be something I'll do for myself, or if there's anybody else 
interested in it? Maybe even design it for inclusion in Debian? I personally 
think this should be done, since the default now sucks (to put it mildly).

I really need some feedback on this: is sysklogd what people use? Who has 
modified their syslog.conf? And to what need, and was it sufficient? What do 
people want from their logging? Are there any standards that I should be aware

Kenneth Vestergaard Schmidt, really wanting to improve this.
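
Added example, not part of the original message: a short Python script that reads sysklogd-style selector lines and lists every facility.priority pair that ends up in more than one file, which is the overlap the message describes for kernel and mail logs. The sample configuration is constructed for illustration, and the selector handling covers only the forms described in the syslog.conf manpage (priority-and-higher, `=`, `!`, `*`, `none`).

```python
from collections import defaultdict

FACILITIES = ("auth authpriv cron daemon kern lpr mail news syslog user uucp "
              "local0 local1 local2 local3 local4 local5 local6 local7").split()
PRIORITIES = "debug info notice warning err crit alert emerg".split()  # low to high
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample in sysklogd selector syntax, not a file quoted in the message.
SAMPLE_CONF = """\
*.*;auth,authpriv.none  -/var/log/syslog
kern.*                  -/var/log/kern.log
mail.*                  -/var/log/mail.log
mail.warn               -/var/log/mail.warn
*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none  -/var/log/messages
"""

def matched(selectors):
    """Set of (facility, priority) pairs a selector list accepts, left to right."""
    acc = set()
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        facs = FACILITIES if facs == "*" else facs.split(",")
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        prio = ALIASES.get(prio, prio)
        if prio in ("none", "*"):     # "*" is every level; "none" removes every level
            levels, negate = PRIORITIES, negate or prio == "none"
        elif exact:                   # "=prio": that level only
            levels = [prio]
        else:                         # "prio": that level and anything more severe
            levels = PRIORITIES[PRIORITIES.index(prio):]
        pairs = {(f, p) for f in facs for p in levels}
        acc = acc - pairs if negate else acc | pairs
    return acc

def duplicates(conf):
    """Map (facility, priority) -> files, for pairs written to two or more files."""
    dests = defaultdict(list)
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        for pair in matched(selectors):
            dests[pair].append(action.strip().lstrip("-"))
    return {pair: files for pair, files in dests.items() if len(files) > 1}

if __name__ == "__main__":
    for (fac, prio), files in sorted(duplicates(SAMPLE_CONF).items()):
        print(f"{fac}.{prio}: {', '.join(files)}")
```

With the sample above, kernel messages at warning level are reported in syslog, kern.log and messages; adding `kern.none` to the syslog and messages selectors would leave them in kern.log only.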
