I recently reworked the syslog configuration for a client. They have
about 12 SunOS and Solarises. I was trying to think of a sensible way
to organize syslog so you could see the important stuff reasonably quickly
and quickly preview the less important stuff.
Here's what I decided to do, after no better idea emerged:
I organized /var/log into two directories, byfacility and bylevel.
Then on the Loghost (most everything goes to the log host) I have it
broken down so that information and debugging messages go to
/var/log/bylevel/info.log, warning and notice messages go to
/var/log/bylevel/warning.log, and then the critical and emergency
messages go to /var/log/bylevel/danger.log.
Then I break them down by facility so that anything of a *.notice
goes to its facility file in /var/log/byfacility, for instance,
there's a /var/log/byfacility/lpr.log, one for daemon, another for
mail and so on.
I rather like the way it turned out. So then I wrote a tool to
report on and compress the various logs and so on. However, what
I really think would be neat would be a tool to display logs,
filtered in various ways, in HTML. Has anyone done that?
How have other people dealt with syslog configurations?
Nancy Milligan Milligan Consulting Services
Internet Connectivity, Firewalls, Usenet, WWW
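
The layout described in the post above, as an added example that is not the poster's own configuration or tool: a Python function that decodes the `<PRI>` value of a raw syslog message and returns the files it would land in under the bylevel/byfacility scheme. Assumptions: `*.notice` is read as "notice or more severe", err and alert (which the post does not mention) are sent to danger.log, and the function names and sample lines are constructed for illustration.

```python
import re

# Names by numeric code; PRI = facility * 8 + severity (RFC 3164).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron"]
              + ["facility%d" % n for n in range(10, 16)]  # names vary by platform
              + ["local%d" % n for n in range(8)])

# bylevel grouping as described in the post. err and alert are not mentioned
# there; sending them to danger.log is an assumption of this example.
BYLEVEL = {"debug": "info", "info": "info",
           "notice": "warning", "warning": "warning",
           "err": "danger", "alert": "danger",
           "crit": "danger", "emerg": "danger"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
NOTICE = SEVERITIES.index("notice")


def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI> of a message."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI>: %r" % line[:20])
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]


def destinations(line):
    """List the log files a message is written to under the described layout."""
    facility, severity = decode_pri(line)
    paths = ["/var/log/bylevel/%s.log" % BYLEVEL[severity]]
    # Lower index means more severe, so this selects notice and above.
    if SEVERITIES.index(severity) <= NOTICE:
        paths.append("/var/log/byfacility/%s.log" % facility)
    return paths


# Constructed sample messages: lpr.crit, mail.notice, daemon.debug.
SAMPLE = ["<50>Jan 12 03:10:01 ws3 lpd[211]: constructed sample",
          "<21>Jan 12 03:10:02 ws4 sendmail[87]: constructed sample",
          "<31>Jan 12 03:10:03 ws5 inetd[40]: constructed sample"]

if __name__ == "__main__":
    for msg in SAMPLE:
        print(destinations(msg), msg)
```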