Logging practices (and why does it suck in Debian?)
The last couple of days I've been toying around with my logs, getting them
straightened up and such, and one thing struck me : logging in Debian is far
from efficient, let alone ideal.
My first grievance was, that my mail-logs quickly filled up with duplicate
information. Also, some of my other log-files seemed to contain a lot of
duplicate entries. So, I started reading the syslog.conf manpage, and
actually got a little insight into the workings of syslog :)
So, what I want to do now is totally overhaul syslog.conf, so I have more
specific logging, with little or no duplicate entries (unless this is wanted,
of course). I'm fed up with going through logs containing a lot of
information I read earlier on. Also, I have set up fwanalog to analyze my
firewall's activities, and I see no reason why these messages appear in both
syslog, kern.log and messages, when there's no reason that I ever look at
them (since they're analyzed and reported to me later).
Before I start this, however, I would really like to know if this is just
going to be something I'll do for myself, or if there's anybody else
interested in it? Maybe even design it for inclusion in Debian? I personally
think this should be done, since the default now sucks (to put it mildly).
I really need some feedback on this: is sysklogd what people use? Who has
modified their syslog.conf? And to what need, and was it sufficient? What do
people want from their logging? Is there any standards that I should be aware
Kenneth Vestergaard Schmidt, really wanting to improve this.