On 2016-12-20 03:43, L A Walsh wrote:
Anton Aylward wrote:
More and more, logs are getting to be a means of detecting intrusions, hacks. But that means correlating logs, which used to be a tedious and error-prone process. We have in journald the opportunity to see all the activity in one log file, making correlation of events much easier.
--- That was always your choice. If you found multiple log files unsuitable for your purposes there was no one forcing you to keep them that way. The way they were configured was _ONE_ way out of hundreds or thousands of ways you could choose to have your log pre-parsed and pre-stored.
Yes, you can have all syslog entries stored in a single file. The syslog configuration usually contains a commented out entry for /var/log/allmessages. But he doesn't refer to that one. He refers to other services that use their independent log system, like the login services. Have all services log to the same log service, the journal. Apache, ssh, etc.

I don't know. Without a database viewer, like an automatic import to LibreOffice where we can choose filters to see what we want or not, I see no advantage in a database. Somewhere where we can click on an event, follow it, discard garbage, etc. No ready made tools that I know of.

--
Cheers/Saludos
Carlos E. R.
(testing openSUSE Leap 42.2, at Minas-Anor)