On Fri, Sep 22, 2006 at 12:31:34PM -0700, Dan Nicholson wrote: > Doesn't it completely remove the functionality of the syslog to have > everything dumped to one file?
Um, ... No? :-) The *key* functionality of the syslog is that it, well..., LOGs your SYStem messages. The ability to split the messages into separate files is a bonus. I'm wondering how useful a bonus it is. > In fact, I would argue that if you think that there's too much to > wade through, you should create _more_ files and be _more_ selective > in your filtering. That depends *how* you wade through them. If your only tool is running "less /var/log/whatever.log" then you're right. But suppose you decide that you need fine-grained ad hoc filtering above and beyond anything that a syslog.conf can do? Then you're looking at some fancy filtering system based around regexps or similar. And *then* maybe having multiple logs is a hindrance. If you're already fluent at writing filters for IP addresses, domain names, dates, services etc. then the extra effort of finding the right log file starts to look rather pointless. Eg. I just looked at my auth.log . There's stuff in there from PAM, su, login and sshd. I suspect if I ever want to search that file I'll won't be interested in all of those services, so I'll be filtering on that basis. But if I'm filtering the entries by service they might just as well be in one big log file. I'm not being dogmatic about this. It might be useful to send the kernel boot messages to a separate file. But beyond that? > Splitting the log into different priorities also allows permissions to > be set, if so desired. Probably you don't want unprivileged users to > see the authentication info. But maybe you could allow people in the > mailadmin group to read mail.log. I hadn't thought of that. Thanks for suggesting it. > ... Of course, if you just want one file, you'll have the simplest > syslog.conf around. "The simplest syslog.conf around."? Hmm, that sounds like an idea for a song. Something along the lines of "The Oldest Swinger in Town". :-) Regards, Jeremy Henty -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
