[opensuse-factory] Re: logging related
"Horváth Gergely J. (Ottó)" wrote:
I have done a little research among distributions, to have a bigger perspective, and based on that, I have some ideas and questions. More important ones first:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
We certainly can not start a great debate on what to log and where, but I would like to mention some other points too:
* OpenSUSE does not log crond messages separately (while nearly "all" other distros do). Note: This might seem like a "what to log separately and what not to" question, but considering mail as a general service and thus logging it in a separate file - in contrast to crond - makes me think of a piece of advice: "Add a filter to crond if you plan to use that special service a lot - thus spamming your messages log file" :)
* Logging some messages to other files, should not we filter them out from messages? (I did not check this one, it might be daemon specific (like ntp), but one with a deeper insight could check it).
With a few exceptions, I find the current syslog settings to be quite good. For desktops and laptops, I don't touch them, for servers, I have one or two standard modifications. Overall, an optimal syslog setup depends entirely on what a system is used for.
wrt your suggestions -
I would prefer keeping crond messages in /var/log/messages - on a default system I don't see enough crond activity to warrant a separate file. (but there is already a commented out entry in syslog-ng.conf).
Log auth and authpriv separately - yeah, why not.
Filtering out messages from /var/log/messages if logged elsewhere - it's already being done for some, e.g. firewall and mail. To me, that depends mostly on volume and somewhat on purpose.
Logging changes I usually do for a production system:
disable separate logging for mail.<level>, disable separate logging for news.*, amend logrotate for our log archiving, to use lzma compression and to run at midnight.
-- Per Jessen, Zürich (25.1°C)
On Sun, 2010-07-04 at 10:24 +0200, Per Jessen wrote:
"Horváth Gergely J. (Ottó)" wrote:
I have done a little research among distributions, to have a bigger perspective, and based on that, I have some ideas and questions. More important ones first:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
We certainly can not start a great debate on what to log and where, but I would like to mention some other points too:
* OpenSUSE does not log crond messages separately (while nearly "all" other distros do). Note: This might seem like a "what to log separately and what not to" question, but considering mail as a general service and thus logging it in a separate file - in contrast to crond - makes me think of a piece of advice: "Add a filter to crond if you plan to use that special service a lot - thus spamming your messages log file" :)
* Logging some messages to other files, should not we filter them out from messages? (I did not check this one, it might be daemon specific (like ntp), but one with a deeper insight could check it).
With a few exceptions, I find the current syslog settings to be quite good. For desktops and laptops, I don't touch them, for servers, I have one or two standard modifications. Overall, an optimal syslog setup depends entirely on what a system is used for.
wrt your suggestions -
I would prefer keeping crond messages in /var/log/messages - on a default system I don't see enough crond activity to warrant a separate file. (but there is already a commented out entry in syslog-ng.conf).
Log auth and authpriv separately - yeah, why not.
Filtering out messages from /var/log/messages if logged elsewhere - it's already being done for some, e.g. firewall and mail. To me, that depends mostly on volume and somewhat on purpose.
Logging changes I usually do for a production system:
disable separate logging for mail.<level>, disable separate logging for news.*, amend logrotate for our log archiving, to use lzma compression and to run at midnight.
Indeed, I would keep messages for the general system info, but give each server its own logfile. One can argue if it is advisable (less sloppy) to give each server its own subdirectory under /var/log/ to put its loginfo into. This applies to
- dns
- dhcp
- ldap
- vpn (ipsec / openvpn)
I am aware of the fact that one should inspect multiple files (or instruct logdigest to filter out the usual lines). But the risk of having too much in one file is that there is a bigger chance that you miss something important, if it is buried under/between truckloads of non-relevant messages.... (hence I'm grateful that firewall messages get into its own file)
Perhaps a long shot, but wouldn't it be nice if there could be a switch in sysconfig for each server-product?
hw
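The routing discussed in this thread (auth/authpriv in their own file, per-daemon files in subdirectories, and keeping those entries out of /var/log/messages), as an added syslog-ng example that is not part of the original messages and not openSUSE's shipped configuration. It assumes a source named `src` is defined elsewhere; all filter and destination names, file paths and daemon names are illustrative.

```conf
# Added example; assumes "source src { ... };" exists elsewhere in syslog-ng.conf.
# Filter/destination names and paths are illustrative, not openSUSE defaults.

# auth and authpriv in their own file. authpriv can carry sensitive
# authentication detail, so restrict the file to root.
filter f_auth { facility(auth, authpriv); };
destination d_auth {
    file("/var/log/auth.log" owner("root") group("root") perm(0600));
};
log { source(src); filter(f_auth); destination(d_auth); };

# Optional: cron in its own file (one poster preferred leaving it in messages;
# drop this section and the f_cron term below to do that).
filter f_cron { facility(cron); };
destination d_cron { file("/var/log/cron.log"); };
log { source(src); filter(f_cron); destination(d_cron); };

# One subdirectory per server daemon, matched on the program name.
filter f_dhcpd { program("^dhcpd$"); };
destination d_dhcpd {
    file("/var/log/dhcpd/dhcpd.log" create_dirs(yes) dir_perm(0750) perm(0640));
};
log { source(src); filter(f_dhcpd); destination(d_dhcpd); };

filter f_named { program("^named$"); };
destination d_named {
    file("/var/log/named/named.log" create_dirs(yes) dir_perm(0750) perm(0640));
};
log { source(src); filter(f_named); destination(d_named); };

# /var/log/messages receives only what was not routed above, so important
# entries are not buried under output that already has its own file.
filter f_messages {
    not filter(f_auth) and not filter(f_cron)
    and not filter(f_dhcpd) and not filter(f_named);
};
destination d_messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(d_messages); };
```

Check the file with `syslog-ng --syntax-only` before reloading, and add any new log files to logrotate so they are rotated along with /var/log/messages.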
participants (2): Hans Witvliet, Per Jessen