Quoting Mark D. Roth ([EMAIL PROTECTED]) on Fri, Oct 22, 1999 at 08:57:38PM -0500:
> On Fri Oct 22 16:45 1999 -0700, Roger Marquis wrote:
> > place. While DAEMON might not be specific AUTH, LPR, USER, NEWS, FTP,
> > NTP, MAIL, and KERN all seem pretty specific and granular. To those
> > I'd add STAT for `df`, `uptime`, `loadavg`, `etherstat`, `iostat`,
> > `nfsstat`, `vmstat` and other SNMP-like info and CRIT for critical
> > alerts.
>
> You're probably right about LPR, FTP, NTP, and KERN; they're about as
> specific as I can personally imagine needing them.
>
> I can easily imagine needing more granularity in NEWS and MAIL; for
> example, to seperate out IMAP/POP connections from SMTP connections.
Oh yes please.
> USER is incredibly vague and usually winds up being used as a
> "anything that doesn't go somewhere else" category.
>
> AUTH is almost never used right, in my experience. Many things which
> should log there use DAEMON instead, and many things which log to AUTH
> really belong somewhere else.
And I'd love to so IP for any changes in the IP subsystem.
Where do we log rejected packets?
What if an audit subsystem logs via syslog, how are all those categories
logged?
> IMHO, if we're going to make any progress in fixing syslog, we're
> going to need to define a new protocol. However, I have a huge number
> of machines using the current syslog, and I'm no more in favor of
> simply breaking compatibility than anyone else. I just don't see any
> reason that the old and new protocols can't co-exist, possibly even
> handled by the same daemon.
Yes please. Why not have the new one accept old stuff and send new things with
some mapping to older daemons?
cheers
afx
--
SuSE Muenchen GmbH Phone: +49-89-42769-0
Stahlgruberring 28 Fax: +49-89-42017701
D-81829 Muenchen, Germany
May the Source be with you!
