[Syslog-ng-maintainers] Changes to the default rsyslog configuration
Michael Tokarev
mjt at tls.msk.ru
Fri Jun 16 20:12:46 BST 2023
15.06.2023 15:25, Michael Biebl wrote:
> Hi providers of system-log-daemon,
>
> when I started packaging rsyslog for Debian I based /etc/rsyslog.conf on what's been in /etc/syslog.conf at that time (as provided by the no longer
> existing sysklogd).
>
> Unfortunately, this also meant, there was a lot of duplication (say mail messages being logged to 4 different files) and no one could explain to me,
> why we had this duplication / particular setup.
>
> I tried to clean that up for rsyslog during the bookworm release cycle.
> My guiding principle was to have a single log file containing everything (minus security sensitive information) and separate log files for commonly
> used facilities that are in use as of today.
>
> I ended up with
>
> #
> # Log anything besides private authentication messages to a single log file
> #
> *.*;auth,authpriv.none -/var/log/syslog
>
> #
> # Log commonly used facilities to their own log file
> #
> auth,authpriv.* /var/log/auth.log
> cron.* -/var/log/cron.log
> kern.* -/var/log/kern.log
> mail.* -/var/log/mail.log
> user.* -/var/log/user.log
Hm. Guess I'll use this for busybox-syslogd too. Thank you for the heads-up,
it come really timely, since just a few days ago I refreshed that package
and was now wondering what files needed to be there.
Another question is whenever to store files as root:adm, mode 0640 by default.
I guess these permissions are set by logrotate, but I'm not sure.
Thank!
/mjt
More information about the Syslog-ng-maintainers
mailing list