Re: Logging practices (and why does it suck in Debian?)
On Wed, Apr 11, 2001 at 02:50:47PM +0200, Giacomo Mulas wrote:
> It's probably the 3 people in total who bother to check the logs...
at least 4, just for the records, you can't administrate production servers
without having logcheck or similar installed!
For this reason (to stay on topic) logging should at least keep the current
behaviour to have one log where everything is logged to, as it's now with
/var/log/syslog. And maybe the /var/log/auth.log with stuff that most people
may not see as it's security relevant.
Having the current mail.err, mail.warn, mail.debug where everything
"with or below that severity" is logged so that the admin can choose what
is worth to read daily is fine for me.
Disk space isn't the problem any more and if you run services that produces
so much logs you'll probably have enough anyways.
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
firstname.lastname@example.org Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified