Re: Logging practices (and why does it suck in Debian?)
On Wed, 11 Apr 2001, Kenneth Vestergaard Schmidt wrote:
> My first grievance was, that my mail-logs quickly filled up with duplicate
> information. Also, some of my other log-files seemed to contain a lot of
> duplicate entries. So, I started reading the syslog.conf manpage, and
> actually got a little insight into the workings of syslog :)
I've been there, and I have done some of that as well...
> So, what I want to do now is totally overhaul syslog.conf, so I have
> more specific logging, with little or no duplicate entries (unless
> this is wanted, of course).
I think most people which run some sort of automatic log parser have had
to do something like this or live with duplicate log entries.
> Before I start this, however, I would really like to know if this is just
> going to be something I'll do for myself, or if there's anybody else
> interested in it? Maybe even design it for inclusion in Debian?
I agree it should be done, and I agree it ought to be included in
Debian. IMHO you ought to ask the sisklogd packager to use it as a better
default. I don't think such a revised configuration should be in a
> I really need some feedback on this: is sysklogd what people use?
I do use sysklogd. I tried syslog-ng, and perhaps will try it again sooner
or later, but syslog-ng was broken for some time in unstable, so I
reverted to sysklogd.
> Who has modified their syslog.conf? And to what need, and was it
I did it myself, mainly to avoid some duplication and to put some entries
in a separate log file of their own.
> What do people want from their logging? Is there any standards that I
> should be aware of?
I want a good signal to noise ratio and I want to know exactly where I
should look to find a specific kind of log entry.
If you have grand plans, I have a suggestion for you: prepare a set of
update-syslog scripts in debian style, which pick up pieces in a well
defined directory and build syslog.conf from it. In this way, a new
package that produces a specific kind of logs would just drop its own
configlet in that directory, run update-syslog and voilà, syslog will put
those logs in their new, dedicated file, very much like update-modules
works. If you are REALLY brave and have VERY grand plans, you could also
make your script work like update-menus, and build an appropriate
configuration file for the logging system installed on the computer, be it
sysklogd, syslog-ng or whatever.
However, even if you do not have such grand plans, even just an improved
syslog.conf would be very welcome :^)
Giacomo Mulas <email@example.com, firstname.lastname@example.org>
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216 Fax : +39 070 71180 222
"When the storms are raging around you, stay right where you are"