[Syslog-ng-maintainers] Changes to the default rsyslog configuration
Michael Biebl
biebl at debian.org
Thu Jun 15 13:25:12 BST 2023
Hi providers of system-log-daemon,
when I started packaging rsyslog for Debian I based /etc/rsyslog.conf on
what's been in /etc/syslog.conf at that time (as provided by the no
longer existing sysklogd).
Unfortunately, this also meant, there was a lot of duplication (say mail
messages being logged to 4 different files) and no one could explain to
me, why we had this duplication / particular setup.
I tried to clean that up for rsyslog during the bookworm release cycle.
My guiding principle was to have a single log file containing everything
(minus security sensitive information) and separate log files for
commonly used facilities that are in use as of today.
I ended up with
#
# Log anything besides private authentication messages to a single log file
#
*.*;auth,authpriv.none -/var/log/syslog
#
# Log commonly used facilities to their own log file
#
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
[1] contains a more detailed log of the individual changes.
If you want to apply the same set of rules to your log daemon is
obviously up to you.
I just wanted to give you a heads up, as I think that some consistency
between different syslog implementations within Debian might be beneficial.
Regards,
Michael
[1]
https://salsa.debian.org/debian/rsyslog/-/commits/debian/master/debian/rsyslog.conf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/syslog-ng-maintainers/attachments/20230615/8b98c3d1/attachment.sig>
More information about the Syslog-ng-maintainers
mailing list