[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging practices (and why does it suck in Debian?)


On Wed, Apr 11, 2001 at 02:50:47PM +0200, Giacomo Mulas wrote:
> It's probably the 3 people in total who bother to check the logs... 
at least 4, just for the records, you can't administrate production servers 
without having logcheck or similar installed!
For this reason (to stay on topic) logging should at least keep the current
behaviour to have one log where everything is logged to, as it's now with
/var/log/syslog. And maybe the /var/log/auth.log with stuff that most people
may not see as it's security relevant. 

Having the current mail.err, mail.warn, mail.debug where everything 
"with or below that severity" is logged so that the admin can choose what
is worth to read daily is fine for me. 
Disk space isn't the problem any more and if you run services that produces 
so much logs you'll probably have enough anyways.



Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified

Reply to: