| 1 |
On 22/12/13 22:17, Tanstaafl wrote: |
| 2 |
> Hi all, |
| 3 |
> |
| 4 |
> I'm very interested in what are best practices, and what others do as |
| 5 |
> far as separating out different types of messages in their logs. |
| 6 |
> |
| 7 |
> I've always just sent everything to /var/log/messages, and this is not a |
| 8 |
> very heavily loaded box so it hasn't been a big problem, but I'm working |
| 9 |
> on a new server and would like to do some separation. |
| 10 |
> |
| 11 |
> I'd still like everything to go to /var/log/messages, but I'd like to |
| 12 |
> also send certain types of messages to different logs to simplify |
| 13 |
> troubleshooting, etc - ie, I often peruse the logs with: |
| 14 |
> |
| 15 |
> egrep '(reject|warning|error|fatal|panic):' /var/log/messages |
| 16 |
> |
| 17 |
> But I'd like to actually feed all of those messages to a separate log, |
| 18 |
> for easier tailing. |
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
syslog-ng comes with extensive documentation and a high-quality sysadmin |
| 23 |
manual is available from Balabit's web site. |
| 24 |
|
| 25 |
You need to start there as that spec above is highly bespoke. To do it, |
| 26 |
you need to examine the content of the log body using a regex, the usual |
| 27 |
way of filtering logs is by the header fields, not the body. |
| 28 |
|
| 29 |
There is no "best practice" as such wrt logging, All that there is, is |
| 30 |
whatever you consider you need to have. |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
Alan McKinnon |
| 35 |
alan.mckinnon@×××××.com |
Archives