On Thu, 15 Nov 2007, Jay R. Ashworth wrote: > On Thu, Nov 15, 2007 at 07:29:29PM +0100, Olivier wrote: >> Which is the best way to manage logs ? >> Would you centralize and "mix" logs from Linux, Asterisk, syslog and >> others >> or keep them separate ? > > In my experience, it's easier to combine them all into one syslog > server, and then utilize tools to filter them apart when necessary, > since there are more tools to do that than to *combine* them when that > is necessary, which it often is.
99.9999% of all logs are useless and never looked at. I configure all applications to log to syslog, all hosts to syslog to a single host, and the loghost logs everything in a single file. Each night I "rotate" the single log file by "mv'ing" it to append just the day of the month, create a new log file, and HUP syslogd. This way, none of the other systems run out of disk space from excessive logging and require no maintenance. The syslog host's disk usage will stabilize after about a month. With all of the logging in a single file, you can filter to your heart's content and notice patterns or errors you would have missed otherwise. Also, (assuming you use ntp) it makes it easier to see what other systems were doing at an interval of interest. If you have a problem, you have the last [28|30|31] days of logs to look at. If you haven't noticed a problem after 30 days, either it wasn't that big of a deal or you have much bigger problems :) The performance implications can be astounding. One client had a web host with dozens of sites. Each site logged it's accesses to a separate file. Combining all of the accesses to a single stream logged on a separate host turned a abysmally performing site (because the disk was being hammered by bouncing between all of the log files scattered about) into a very reasonably performing system. Thanks in advance, ------------------------------------------------------------------------ Steve Edwards [EMAIL PROTECTED] Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
