<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.3">
</HEAD>
<BODY>
Logging is varied by source in some cases like apache and mysql. I like to push everything thru syslog instead of apps writing their own logs directly. This centralization makes it much easier to manage logs when dealing with >handful of machines where one or more central log repository server(s) is ideal. I really like syslog-ng for this purpose and separate out logs by host or groups of similar hosts and optionally broken down by application or even a subset of that as needed into separate log files and directories.<BR>
<BR>
For example logging very busy Cisco IOS DHCP servers yields more than a gig of raw logs every day. I have 7 of these hosts' DHCP logs going into a single file. Then I have a subset of that DHCP log data, DHCPACK's in this case matched based on REGEX in the syslog config, go to yet another file for extremely fast scripted searches because this file is tiny compared to the full DHCP log.<BR>
<BR>
Coupled with log rotation using logrotate you can accomplish pretty much anything you need.<BR>
<BR>
The syslog-ng website and mailing list archives no doubt have a lot of good documentation about logging techniques and practices:<BR>
<A HREF="http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/bk01-toc.html">http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/bk01-toc.html</A> <BR>
<BR>
I am sure rsyslog does as well but the complexity of its config files and the quality of its documentation (finding the right document on their site is sometimes very tough) has been a big turnoff for me, always reminded me of sendmail a bit.<BR>
<BR>
One of the important keys is to make sure your system writing the logs (be it a separate server and/or the local machine itself) has fairly accurate time synchronization so you can accurately correlate events. You can move to an event correlation system like Splunk to help group logged activities together and flag certain thresholds/conditions. A simpler method would be to use something like swatch.<BR>
<BR>
On Tue, 2010-11-23 at 12:14 -0600, r j wrote:<BR>
<BLOCKQUOTE TYPE=CITE>
I am seeking a good guide to log files.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
I recently came a cross a friends computer with an x failure and no record of it in the var/log/xorg0.log
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
I would like to know mare about apache logs and MySQL logs.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
Is there a all in one reference about logging for Linux our should I just be content with the online doc's regarding logs from apache,x, MySQL,etc..
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
Thanks for any help you can give.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<PRE>
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<A HREF="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</A>
<A HREF="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</A>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>