[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging practices (and why does it suck in Debian?)

On Wed, 11 Apr 2001, Kenneth Vestergaard Schmidt wrote:

> My first grievance was, that my mail-logs quickly filled up with duplicate 
> information. Also, some of my other log-files seemed to contain a lot of 
> duplicate entries. So, I started reading the syslog.conf manpage, and 
> actually got a little insight into the workings of syslog :)

I've been there, and I have done some of that as well...

> So, what I want to do now is totally overhaul syslog.conf, so I have
> more specific logging, with little or no duplicate entries (unless
> this is wanted, of course).

I think most people which run some sort of automatic log parser have had
to do something like this or live with duplicate log entries.

> Before I start this, however, I would really like to know if this is just 
> going to be something I'll do for myself, or if there's anybody else 
> interested in it? Maybe even design it for inclusion in Debian? 

I agree it should be done, and I agree it ought to be included in
Debian. IMHO you ought to ask the sisklogd packager to use it as a better
default. I don't think such a revised configuration should be in a
separate package.

> I really need some feedback on this: is sysklogd what people use? 

I do use sysklogd. I tried syslog-ng, and perhaps will try it again sooner
or later, but syslog-ng was broken for some time in unstable, so I
reverted to sysklogd.

> Who has modified their syslog.conf? And to what need, and was it
> sufficient?

I did it myself, mainly to avoid some duplication and to put some entries
in a separate log file of their own.

> What do people want from their logging? Is there any standards that I
> should be aware of?

I want a good signal to noise ratio and I want to know exactly where I
should look to find a specific kind of log entry. 

If you have grand plans, I have a suggestion for you: prepare a set of
update-syslog scripts in debian style, which pick up pieces in a well
defined directory and build syslog.conf from it. In this way, a new
package that produces a specific kind of logs would just drop its own
configlet in that directory, run update-syslog and voilà, syslog will put
those logs in their new, dedicated file, very much like update-modules
works. If you are REALLY brave and have VERY grand plans, you could also
make your script work like update-menus, and build an appropriate
configuration file for the logging system installed on the computer, be it
sysklogd, syslog-ng or whatever.

However, even if you do not have such grand plans, even just an improved
syslog.conf would be very welcome :^)



Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)

Reply to: