Hi providers of system-log-daemon,when I started packaging rsyslog for Debian I based /etc/rsyslog.conf on what's been in /etc/syslog.conf at that time (as provided by the no longer existing sysklogd).
Unfortunately, this also meant, there was a lot of duplication (say mail messages being logged to 4 different files) and no one could explain to me, why we had this duplication / particular setup.
I tried to clean that up for rsyslog during the bookworm release cycle.My guiding principle was to have a single log file containing everything (minus security sensitive information) and separate log files for commonly used facilities that are in use as of today.
I ended up with # # Log anything besides private authentication messages to a single log file # *.*;auth,authpriv.none -/var/log/syslog # # Log commonly used facilities to their own log file # auth,authpriv.* /var/log/auth.log cron.* -/var/log/cron.log kern.* -/var/log/kern.log mail.* -/var/log/mail.log user.* -/var/log/user.log  contains a more detailed log of the individual changes.If you want to apply the same set of rules to your log daemon is obviously up to you. I just wanted to give you a heads up, as I think that some consistency between different syslog implementations within Debian might be beneficial.
Regards, Michael https://salsa.debian.org/debian/rsyslog/-/commits/debian/master/debian/rsyslog.conf
Description: OpenPGP digital signature