On Fri, Feb 10, 2006 at 05:51:41PM -0500, Mitch Parker wrote: > > I'm going to second this, even though I don't work at an ISP (however, I do > work with large amounts of syslog data). > > If you want to keep things organized, it's better to keep the syslog files > organized by service.
i would cast my vote in the camp of it's better to keep the logfiles organized however you find you really need to, or rather, in a way that involves you writing the least amount of scripts or infrastructure to find the information from those logfiles that you're going to end up referencing from them most commonly. for the OP's question of having each machine log to a seperate file, without changing the facility/level on the remote machines, i believe that the stock openbsd syslogd does not provide a method for seperating the output logfiles based on incoming host. syslog-ng is in ports, and it is a pretty recent version, and would provide the ability to write a file based on the incoming hostname ( it has a couple built-in macros ). i'm not going to advocate syslog-ng any further than saying that if you find that you still choose to have individual log files per-host, it can do it. on the downside, you may have mixed feelings about running a core service from ports. -- jared [ openbsd 3.9-beta GENERIC ( jan 30 ) // i386 ]
