Hi all,
I'm very interested in what are best practices, and what others do as
far as separating out different types of messages in their logs.
I've always just sent everything to /var/log/messages, and this is not a
very heavily loaded box so it hasn't been a big problem, but I'm working
on a new server and would like to do some separation.
I'd still like everything to go to /var/log/messages, but I'd like to
also send certain types of messages to different logs to simplify
troubleshooting, etc - ie, I often peruse the logs with:
egrep '(reject|warning|error|fatal|panic):' /var/log/messages
But I'd like to actually feed all of those messages to a separate log,
for easier tailing.
I'm also open to some additional separation, and like I said, I'm
interested in what others do with theirs...
Specific config examples welcome!
Thanks
Charles