[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging practices (and why does it suck in Debian?)

On Wednesday 11 April 2001 15:03, Christian Hammers wrote:

> For this reason (to stay on topic) logging should at least keep the current
> behaviour to have one log where everything is logged to, as it's now with
> /var/log/syslog. And maybe the /var/log/auth.log with stuff that most
> people may not see as it's security relevant.

Why? I think it is really wasted when everything is logged to syslog, and 
also logged to other, more specific files. If you want to search for 
something, use grep. And if you want to find something, look in the log-files 
that are relevant. What relevancy can it ever have to log *.debug, or 
mail.info messages to syslog, if you want to find stuff about instrusion 

> Having the current mail.err, mail.warn, mail.debug where everything
> "with or below that severity" is logged so that the admin can choose what
> is worth to read daily is fine for me.

Again, I think this is wasted effort. Instead, as an admin, you could read 
mail.err, then mail.warn, and if you still feel up to it, mail.debug - it 
doesn't remove any details, but 1) it uses less disk space, 2) it removes the 
clutter, and 3) each log file has a specific purpose.

But anyway, thanks for your comments! I am really trying to find "the perfect 
solution", although I'll probably come to realize that there isn't one :(


Reply to: