Hi. The last couple of days I've been toying around with my logs, getting them straightened up and such, and one thing struck me : logging in Debian is far from efficient, let alone ideal.
My first grievance was, that my mail-logs quickly filled up with duplicate information. Also, some of my other log-files seemed to contain a lot of duplicate entries. So, I started reading the syslog.conf manpage, and actually got a little insight into the workings of syslog :) So, what I want to do now is totally overhaul syslog.conf, so I have more specific logging, with little or no duplicate entries (unless this is wanted, of course). I'm fed up with going through logs containing a lot of information I read earlier on. Also, I have set up fwanalog to analyze my firewall's activities, and I see no reason why these messages appear in both syslog, kern.log and messages, when there's no reason that I ever look at them (since they're analyzed and reported to me later). Before I start this, however, I would really like to know if this is just going to be something I'll do for myself, or if there's anybody else interested in it? Maybe even design it for inclusion in Debian? I personally think this should be done, since the default now sucks (to put it mildly). I really need some feedback on this: is sysklogd what people use? Who has modified their syslog.conf? And to what need, and was it sufficient? What do people want from their logging? Is there any standards that I should be aware of? -- Kenneth Vestergaard Schmidt, really wanting to improve this.
