Jacques Nilo wrote:
>
> Hi Everyone
> I have been asking myself for quite some time why there was so much
> redundancy in the content of /var/log files in a LEAF distro.
> A typical example is when your ports are being scanned, that is when your
> iptables messages start increasing. You will find them in:
> 1/ kernel.log
> 2/ syslog
> 3/ messages
> and your /var/log will get big, big,...
>
> Which all boils down to the structure of /etc/syslog.conf which is attached
> at the end of this message (this is the one used in Bering but leasily copied
> from the one in Dachstein).
>
> Has anyone some ideas about the "optimal" way to set this up? I'll welcome
> any feedback on this issue.
<snip />
Not yet perfect, but better -- this is mine:
# cat ./etc/etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
# For more information see syslog.conf(5) manpage.
# Facility is one of the following keywords:
# auth
# authpriv
# cron
# daemon
# kern
# local0 -- local7
# lpr
# mail
# mark (internal use *only*)
# news
# security (deprecated; same as auth)
# syslog
# user
# uucp
# Priority is one of the following keywords, in ascending order:
# debug
# info
# notice
# warning
# warn (deprecated; same as warning)
# err
# error (deprecated; same as err)
# crit
# alert
# emerg
# panic (deprecated; same as emerg)
#
# Log critical-and-above messages and all kernel messages remotely to host loki.
# The other machine must run syslog with '-r'.
# WARNING: Doing this is insecure and can open you up to a DoS attack.
#
*.crit @loki
kern.* @loki
#
# First some standard logfiles. Log by facility.
#
*.warning;auth,authpriv.none /var/log/syslog
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* /var/log/kern.log
local1.* -/var/log/local1.log
local2.* -/var/log/local2.log
local3.* -/var/log/local3.log
local4.* -/var/log/local4.log
local5.* -/var/log/local5.log
local6.* -/var/log/local6.log
local7.* -/var/log/local7.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
news.* -/var/log/news.log
syslog.* -/var/log/syslog
user.* -/var/log/user.log
uucp.* -/var/log/uucp.log
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv,\
news,mail.none -/var/log/debug
*.=info;*.=notice;\
auth,authpriv,cron,\
daemon,mail,news.none -/var/log/messages
# ppp
local2.* -/var/log/ppp.log
# portslave
local6.* -/var/log/pslave.log
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
_______________________________________________
Leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel
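
The duplication discussed in this thread can be checked mechanically. The following is an added example, not part of either message: a small Python model of sysklogd selector matching, run over a constructed subset of the rules posted above. The helper names `rule_matches` and `destinations` are hypothetical, and sysklogd semantics as described in syslog.conf(5) are assumed.

```python
# Added example, not from the post: sysklogd selector matching per
# syslog.conf(5). "!" negation and deprecated names are not modelled.
PRIOS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed input: a subset of the rules posted above, continuations joined.
CONF = """
*.crit @loki
kern.* @loki
*.warning;auth,authpriv.none /var/log/syslog
auth,authpriv.* /var/log/auth.log
kern.* /var/log/kern.log
local2.* -/var/log/local2.log
syslog.* -/var/log/syslog
*.=debug;auth,authpriv,news,mail.none -/var/log/debug
*.=info;*.=notice;auth,authpriv,cron,daemon,mail,news.none -/var/log/messages
local2.* -/var/log/ppp.log
*.emerg *
"""

def rule_matches(selectors, facility, priority):
    """Build the priority set a rule accepts for `facility`, left to right."""
    accepted = set()
    for sel in selectors.split(";"):
        facs, prio = sel.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":            # exclude this facility entirely
            accepted.clear()
        elif prio == "*":             # every priority
            accepted.update(PRIOS)
        elif prio.startswith("="):    # exactly this priority
            accepted.add(prio[1:])
        else:                         # this priority and anything more severe
            accepted.update(PRIOS[PRIOS.index(prio):])
    return priority in accepted

def destinations(facility, priority, conf=CONF):
    """Return every action that receives the message, in file order."""
    out = []
    for line in conf.splitlines():
        if not line.strip():
            continue
        selectors, action = line.split(None, 1)
        if rule_matches(selectors, facility, priority):
            out.append(action.lstrip("-"))   # "-" only disables fsync
    return out

for fac, pri in [("kern", "warning"), ("local2", "info"), ("auth", "info")]:
    print(f"{fac}.{pri} ->", destinations(fac, pri))
```

Any facility.priority pair that returns more than one local file is a candidate for tightening with `.none` or `=` selectors.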