> Hi Everyone
> I have been asking myself for quite some time why there was so much 
> redundancy in the content of /var/log files in a LEAF distro.
> A typical example is when your ports are being scanned, that is when your 
> iptables messages start increasing. You will find them in:
> 1/ kernel.log
> 2/ syslog
> 3/ messages
> and your /var/log will get big, big,...
> 
> Which all boils down to the structure of /etc/syslog.conf which is attached 
> at the end of this message (this is the one used in Bering but leasily copied 
> from the one in Dachstein).
> 
> Has anyone some ideas about the "optimal" way to set this up? I'll welcome 
> any feedback on this issue.
> 
> Jacques
> 

This is the one from Slackware, I think it's very clean. You can remove the uucp and 
news entries.

# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux.

# Uncomment this to see kernel messages on the console.
#kern.*                                                 /dev/console

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none     /var/log/messages

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
*.warn;\
        authpriv.none;cron.none;mail.none;news.none     /var/log/syslog

# Debugging information is logged here.
*.=debug                                                /var/log/debug

# Private authentication message logging:
authpriv.*                                              /var/log/secure

# Cron related logs:
cron.*                                                  /var/log/cron

# Mail related logs:
mail.*                                                  /var/log/maillog

# Emergency level messages go to all users:
*.emerg                                                 *

# This log is for news and uucp errors:
uucp,news.crit                                          /var/log/spooler

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit                                     /var/log/news/news.crit
#news.=err                                      /var/log/news/news.err
#news.notice                                    /var/log/news/news.notice


Regards,
Eric Spakman
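
To check which files a given message lands in under the Slackware rules quoted in the reply above, this added example (not part of the original thread and not sysklogd's own code) evaluates the selectors the way syslog.conf(5) describes them. The facility list, the sample messages, and the use of kern.warning for iptables LOG lines are assumptions.

```python
PRI = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIAS = {"warn": "warning", "error": "err", "panic": "emerg"}
FAC = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
       "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]
# Active rules from the Slackware file quoted above (continuation lines joined).
RULES = """
*.info;*.!warn;authpriv.none;cron.none;mail.none;news.none /var/log/messages
*.warn;authpriv.none;cron.none;mail.none;news.none /var/log/syslog
*.=debug /var/log/debug
authpriv.* /var/log/secure
cron.* /var/log/cron
mail.* /var/log/maillog
*.emerg *
uucp,news.crit /var/log/spooler
"""

def compile_selectors(spec):
    """Return {facility: set(priority index)}; later selectors override earlier."""
    mask = {f: set() for f in FAC}
    for sel in spec.split(";"):
        facs, pri = sel.rsplit(".", 1)
        negate, exact = "!" in pri, "=" in pri   # '!' negates, '=' means exactly
        pri = pri.lstrip("!=")
        if pri == "none":                        # drop the facility entirely
            levels, negate = set(range(8)), not negate
        elif pri == "*":
            levels = set(range(8))
        else:
            n = PRI.index(ALIAS.get(pri, pri))
            levels = {n} if exact else set(range(n + 1))  # n and more severe
        for f in (FAC if facs == "*" else facs.split(",")):
            mask[f] = mask[f] - levels if negate else mask[f] | levels
    return mask

def destinations(facility, priority, rules=RULES):
    """List every action a facility.priority message is written to."""
    n = PRI.index(ALIAS.get(priority, priority))
    out = []
    for line in rules.strip().splitlines():
        spec, action = line.split()
        if n in compile_selectors(spec)[facility]:
            out.append(action)
    return out

if __name__ == "__main__":
    # Constructed samples; kern.warning is the level assumed for iptables LOG.
    for msg in ("kern.warning", "authpriv.info", "daemon.info", "uucp.crit"):
        print(msg, "->", destinations(*msg.split(".")))
```

Any message that returns more than one file here is one that will be stored redundantly, which is the property to check before trimming or adding rules.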


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
