[opensuse-project] Logging related
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
I have done a little research among distributions, to have a bigger perspective, and based on that, I have some ideas and questions. More important ones first:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
We certainly can not start a great debate on what to log and where, but I would like to mention some other points too:
* OpenSUSE does not log crond messages separately (while nearly "all" other distros do). Note: This might seem like a "what to log separately and what not to" question, but considering mail as a general service and thus logging it in a separate file - in contrast to crond - makes me think of an advice: "Add a filter to crond if you plan to use that special service a lot - thus spamming your messages log file" :)
* Logging some messages to other files, should not we filter them out from messages? (I did not check this one, it might be daemon specific (like ntp), but one with a deeper insight could check it).
One last note, for those who might ask about "other distributions do it": Please do not misunderstand me, I do not want OpenSUSE to become like the others, but a nice, general harmony (maybe not only in logging style) could be achieved among the distributions, so people using different linuxes could feel more comfortable :)
Thank you,
Looking forward to your feedback,
Gregory
On Thursday 01 July 2010 21:36:30 Horváth Gergely J. (Ottó) wrote:
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
Unfortunately they pointed you to the wrong place - the opensuse-factory mailing list would be the right place to discuss this kind of change. I suggest you wait until 11.3 is out of the door and start the discussion again there.
I have done a little research among distributions, to have a bigger perspective, and based on that, I have some ideas and questions. More important ones first:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
Please note that the project is called "openSUSE" - always with a lowercase "o".
Thanks for your research and bringing this up,
Andreas
--
Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org}
Twitter: jaegerandi | Identica: jaegerandi
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Friday 2010-07-02 14:39, Andreas Jaeger wrote:
On Thursday 01 July 2010 21:36:30 Horváth Gergely J. (Ottó) wrote:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
Please note that the project is called "openSUSE" - always with a lowercase "o".
But it feels like writing linux instead of Linux. Feels like writing a filename rather than a project name. Also notice posters (on any mailing list) who use an all-lowercase variant of their realworld name when posting? It just doesn't look right, and are susceptible to grammar debates, double-meaning innuendo jokes and all that, including the community accusation that some marketing manager has deliberately planted such debatable casing. Where it does not matter, that is outside of filesystems, people should be allowed to claim the right to uppercase. Squid, Python, Debian, OpenBGPD, OpenSUSE, Opensuse.
On Friday 02 July 2010 15:10:05 Jan Engelhardt wrote:
On Friday 2010-07-02 14:39, Andreas Jaeger wrote:
On Thursday 01 July 2010 21:36:30 Horváth Gergely J. (Ottó) wrote:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
Please note that the project is called "openSUSE" - always with a lowercase "o".
But it feels like writing linux instead of Linux. Feels like writing a filename rather than a project name. Also notice posters (on any mailing list) who use an all-lowercase variant of their realworld name when posting? It just doesn't look right, and are susceptible to grammar debates, double-meaning innuendo jokes and all that, including the community accusation that some marketing manager has deliberately planted such debatable casing. Where it does not matter, that is outside of filesystems, people should be allowed to claim the right to uppercase. Squid, Python, Debian, OpenBGPD, OpenSUSE, Opensuse.
That's the way the project was launched. It's part of our identity. Why should we always conform to the normal rules? ;)
Andreas
On Friday 2010-07-02 15:23, Andreas Jaeger wrote:
On Friday 02 July 2010 15:10:05 Jan Engelhardt wrote:
On Friday 2010-07-02 14:39, Andreas Jaeger wrote:
On Thursday 01 July 2010 21:36:30 Horváth Gergely J. (Ottó) wrote:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
Please note that the project is called "openSUSE" - always with a lowercase "o".
But it feels like writing linux instead of Linux. Feels like writing a filename rather than a project name. Also notice posters (on any mailing list) who use an all-lowercase variant of their realworld name when posting? It just doesn't look right, and are susceptible to grammar debates, double-meaning innuendo jokes and all that, including the community accusation that some marketing manager has deliberately planted such debatable casing. Where it does not matter, that is outside of filesystems, people should be allowed to claim the right to uppercase. Squid, Python, Debian, OpenBGPD, OpenSUSE, Opensuse.
That's the way the project was launched. It's part of our identity. Why should we always conform to the normal rules? ;)
OpenSUSE is great enough to deserve the big O notation.
On Fri, 2010-07-02 at 15:48 +0200, Jan Engelhardt wrote:
On Friday 2010-07-02 15:23, Andreas Jaeger wrote:
On Friday 02 July 2010 15:10:05 Jan Engelhardt wrote:
On Friday 2010-07-02 14:39, Andreas Jaeger wrote:
On Thursday 01 July 2010 21:36:30 Horváth Gergely J. (Ottó) wrote:
* OpenSUSE should log auth and authpriv messages separately (like "all" other distributions do).
Please note that the project is called "openSUSE" - always with a lowercase "o".
But it feels like writing linux instead of Linux. Feels like writing a filename rather than a project name. Also notice posters (on any mailing list) who use an all-lowercase variant of their realworld name when posting? It just doesn't look right, and are susceptible to grammar debates, double-meaning innuendo jokes and all that, including the community accusation that some marketing manager has deliberately planted such debatable casing. Where it does not matter, that is outside of filesystems, people should be allowed to claim the right to uppercase. Squid, Python, Debian, OpenBGPD, OpenSUSE, Opensuse.
That's the way the project was launched. It's part of our identity. Why should we always conform to the normal rules? ;)
OpenSUSE is great enough to deserve the big O notation.
I agree with that sentiment, Jan. But I will also say that there's a bit of a marketing advantage to openSUSE. I've noticed when I correct people to spell openSUSE, especially outside of our Community, it makes them think about it more and they start to remember us more.
It's a great way to help build some mindshare about our great project. :-)
Bryen
On Friday 02 July 2010 09:06:54 Bryen M. Yunashko wrote:
It's a great way to help build some mindshare about our great project. :-)
Just don't overdo it. One problem with common capitalization rules for proper names, in all languages that I know, is enough :)
--
Regards Rajko,
On Friday 2010-07-02 16:06, Bryen M. Yunashko wrote:
I've noticed when I correct people to spell openSUSE, especially outside of our Community, it makes them think about it more and they start to remember us more.
Should have called it "RememberThisDistro" then, in the style of "Steal this film" :-p
On 2010-07-01 21:36, "Horváth Gergely J. (Ottó)" wrote:
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
I agree with Andreas that the proper list should be the factory one, probably after the release date.
Just one note: I have always customized what is logged where, each person has his own needs and tastes.
First it was syslog. Then it was syslog-ng, so I learned its ways. Now it is (let me look) - rsyslog, which I don't know how to configure. Do we have a wiki on it?
Too many variations in a short period.
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Saturday 03 July 2010 04:58:18 Carlos E. R. wrote:
Do we have a wiki on it?
Not that I can find it. The presentation article should be in a default search.
Too many variations in a short period.
Like with any other part of the system. One can't be everywhere. Rate of changes is transforming advanced users to consumers.
--
Regards Rajko,
On 2010-07-03 13:41, Rajko M. wrote:
On Saturday 03 July 2010 04:58:18 Carlos E. R. wrote:
Do we have a wiki on it?
Not that I can find it. The presentation article should be in a default search.
Too many variations in a short period.
Like with any other part of the system. One can't be everywhere.
That's true, but this is one area I customize. Currently my router data is logged on another computer (11.0), but eventually it has to go to this one... and I still do not know how.
Rate of changes is transforming advanced users to consumers.
Ha! That's a sentence that should be gold plated on the doorstep to oS >:-)
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-07-01 21:36, "Horváth Gergely J. (Ottó)" wrote:
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
I agree with Andreas that the proper list should be the factory one, probably after the release date.
Just one note: I have always customized what is logged where, each person has his own needs and tastes.
First it was syslog. Then it was syslog-ng, so I learned its ways. Now it is (let me look) - rsyslog, which I don't know how to configure. Do we have a wiki on it?
man rsyslog.conf
--
Per Jessen, Zürich (30.6°C)
On 2010-07-03 15:43, Per Jessen wrote:
Carlos E. R. wrote:
On 2010-07-01 21:36, "Horváth Gergely J. (Ottó)" wrote:
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
I agree with Andreas that the proper list should be the factory one, probably after the release date.
Just one note: I have always customized what is logged where, each person has his own needs and tastes.
First it was syslog. Then it was syslog-ng, so I learned its ways. Now it is (let me look) - rsyslog, which I don't know how to configure. Do we have a wiki on it?
man rsyslog.conf
Not a single example. No migration info.
The full documentation comes in a different rpm.
[...]
Ok, installed. Mmmm... look, one of the links it contains says:
# rsyslogd man page (heavily outdated)
Nice. Then there is a link:
# a commented sample rsyslog.conf
which gives:
File not found
Firefox can't find the file at /usr/share/doc/packages/rsyslog/doc/sample.conf.html.
Nice. Going to the online alternative... ok, there it is. But I understand nothing.
Any more ideas? >:-)
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
* Carlos E. R. <robin.listas@telefonica.net> [07-03-10 16:25]:
Any more ideas? >:-)
http://wiki.rsyslog.com/index.php/Configuration_Samples
http://www.rsyslog.com/doc-rsyslog_conf.html
http://www.rsyslog.com/doc-rsyslog_ng_comparison.html
they have a forum: http://kb.monitorware.com/rsyslog-f40.html
and a mailing list: http://lists.adiscon.net/mailman/listinfo/rsyslog
Documentation from rsyslog-doc.rpm indicates:
While rsyslogd contains enhancements over standard syslogd, efforts have been made to keep the configuration file as compatible as possible. While, for obvious reasons, enhanced features require a different config file syntax, rsyslogd should be able to work with a standard syslog.conf file. This is especially useful while you are migrating from syslogd to rsyslogd.
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
Carlos E. R. wrote:
On 2010-07-03 15:43, Per Jessen wrote:
Carlos E. R. wrote:
On 2010-07-01 21:36, "Horváth Gergely J. (Ottó)" wrote:
Hello everyone!
I had some discussions on IRC about logging in OpenSUSE and promised to start a thread here on the ML.
I agree with Andreas that the proper list should be the factory one, probably after the release date.
Just one note: I have always customized what is logged where, each person has his own needs and tastes.
First it was syslog. Then it was syslog-ng, so I learned its ways. Now it is (let me look) - rsyslog, which I don't know how to configure. Do we have a wiki on it?
man rsyslog.conf
Not a single example. No migration info.
Pretty normal for a man page :-)
I don't recall wiki pages being the normal way for documenting migration and changes in openSUSE, so I was just amused that you were looking for one for this change.
Besides, you have the option for reverting to syslog-ng - personally, I think the patterns should have been set up such that rsyslog and syslog-ng provide the same functionality (similar to postfix/sendmail) and satisfy the same requirement.
--
Per Jessen, Zürich (21.6°C)
On 2010-07-04 10:04, Per Jessen wrote:
Carlos E. R. wrote:
man rsyslog.conf
Not a single example. No migration info.
Pretty normal for a man page :-)
Ya, I know :-} Have a look at fetchmail or procmail man pages: they have good examples.
I don't recall wiki pages being the normal way for documenting migration and changes in openSUSE, so I was just amused that you were looking for one for this change.
Hey, I feel lazy now and then :-p
Besides, you have the option for reverting to syslog-ng - personally, I think the patterns should have been set up such that rsyslog and syslog-ng provide the same functionality (similar to postfix/sendmail) and satisfy the same requirement.
I actually went yesterday and changed rsyslog.conf so that named (bind) logs in its own log. It was simpler than I had thought, after all.
I was getting tons of these in the message log:
Jul 4 14:48:05 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 14.1.168.192.in-addr.arpa
Jul 4 14:51:02 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa
Jul 4 14:51:21 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa
Those IP are in my local network, no idea why/who is asking on internet for it, or who is responding. But instead of finding out or doing something about it, I thought of first logging them to a different file. So I did:
# named messages into separate file and stop their further processing
# - taken from firewall configuration - no, from acpid config
if ($programname == 'named' or $syslogtag == '[named]:') then \
    -/var/log/named;RSYSLOG_TraditionalFileFormat
if ($programname == 'named' or $syslogtag == '[named]:') then \
    ~
The next modification should be not to stop further processing if the entry is "alarming". But for that I need reading some doc (is syslogseverity >= 5 alarming, or is it <= 5? Are the above log entries "alarming"?). And I feel lazy again.
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
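
Added example, not part of Carlos's message or of the openSUSE default configuration: an rsyslog legacy-syntax fragment covering the two changes discussed in this thread, a separate auth/authpriv (and cron) log as proposed in the opening post, and a named filter that keeps "alarming" entries in the main log. Syslog severities run from 0 (emerg) to 7 (debug), so a lower $syslogseverity is more alarming. The file names /var/log/auth.log and /var/log/cron, the warning-or-worse threshold and the file modes are assumptions.

```conf
# Added example (constructed for illustration, not the distribution's file).
# Syslog severity numbers: LOWER means MORE severe.
#   0 emerg  1 alert  2 crit  3 err  4 warning  5 notice  6 info  7 debug

# --- named: own file, but keep serious entries in the main log ----------

# 1. Every named message is written to its own file.
if ($programname == 'named') then \
    -/var/log/named;RSYSLOG_TraditionalFileFormat

# 2. Discard only the routine ones (notice, info, debug). Entries with
#    severity 0..4 (warning or worse) fall through to the rules below
#    and still reach /var/log/messages.
if ($programname == 'named') and ($syslogseverity >= 5) then \
    ~

# --- auth/authpriv: dedicated, restricted file --------------------------

# authpriv can carry sensitive details, so create the file owner-only.
# No leading "-" on the path: each write is synced, so the last entries
# before a crash are not lost.
$FileCreateMode 0600
auth,authpriv.*                         /var/log/auth.log

# Back to a less strict mode for the remaining files (assumed value).
$FileCreateMode 0640

# --- cron: own file -----------------------------------------------------
cron.*                                  -/var/log/cron

# --- main log: everything not already routed to its own file -----------
# "facility.none" removes that facility from this selector, which is how
# messages written elsewhere are kept out of /var/log/messages.
*.*;auth,authpriv.none;cron.none        -/var/log/messages
```

Rule order matters: the discard in step 2 only affects rules that come after it, so it must sit below the named file rule and above the /var/log/messages rule.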
Carlos E. R. wrote:
I actually went yesterday and changed rsyslog.conf so that named (bind) logs in its own log. It was simpler than I had thought, after all.
I was getting tons of these in the message log:
Jul 4 14:48:05 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 14.1.168.192.in-addr.arpa
Jul 4 14:51:02 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa
Jul 4 14:51:21 Elessar named[22400]: client 192.168.1.14#52387: RFC 1918 response from Internet for 1.1.168.192.in-addr.arpa
Those IP are in my local network, no idea why/who is asking on internet for it, or who is responding.
The best way to get rid of those messages would be to set up a zone for your local network.
See also http://www.bind9.net/BIND-FAQ
--
Per Jessen, Zürich (25.4°C)
On 2010-07-04 16:30, Per Jessen wrote:
Carlos E. R. wrote:
Those IP are in my local network, no idea why/who is asking on internet for it, or who is responding.
The best way to get rid of those messages would be to set up a zone for your local network.
I know. I only installed bind (cache mode) because amavis-new is very slow (up to 20" in a quad core) if it uses the dns cache server in the adsl router, not because I wanted to install bind.
See also http://www.bind9.net/BIND-FAQ
I'll give the yast module a chance :-)
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-07-04 16:30, Per Jessen wrote:
Carlos E. R. wrote:
Those IP are in my local network, no idea why/who is asking on internet for it, or who is responding.
The best way to get rid of those messages would be to set up a zone for your local network.
I know.
I only installed bind (cache mode) because amavis-new is very slow (up to 20" in a quad core) if it uses the dns cache server in the adsl router, not because I wanted to install bind.
Did a local named make any difference? Those long processing times are more often due to name servers not working properly and causing time outs.
--
Per Jessen, Zürich (23.8°C)
participants (9)
- "Horváth Gergely J. (Ottó)"
- Andreas Jaeger
- Bryen M. Yunashko
- Carlos E. R.
- Carlos E. R.
- Jan Engelhardt
- Patrick Shanahan
- Per Jessen
- Rajko M.