Has anyone heard anything detrimental about setting up /etc/syslog.conf
to log to separate files based on facility? I've been doing this for a
couple weeks, and it seems a lot easier to manage, especially since I
have a mail server with nearly 2,000 users.
Using swatch seems easier, too, since I don't have to search through
gigantic "syslog" or "messages" files (even with rotating these logs
once a week, the syslog file grows to a few hundred MB.
I have syslog set up so that everything gets logged to one of the
So, if you've heard anything negative about this
(performance/security-wise, especially, on Sparc Solaris 2.6), I would
like to hear about it..