Consider these two types of error (just examples):

- application realizes that the local SSL certificate is expired - it continues accepting connections but it logs an error
- remote user tries to connect but his client certificate is expired so the connection is refused - this, too, is logged as an error

The first type of error requires the local sysadmin to fix something. It might also be a full disk, can't bind to a port, etc. Sysadmins usually like to be alerted about such things because everything stops if they don't fix it.

The second type of error can't be fixed by the local sysadmin - it is very useful to see it in a different colour when troubleshooting but it is not something the sysadmin wants to be alerted about in the middle of the night.

What strategies do people have in place for distinguishing these different types of error?

One thing that comes to mind is to use the facility value, e.g. LOCAL0 could be errors that need attention and LOCAL1 could be errors that don't.

Does RFC 5424 structured data provide a more elegant way to deal with this?

For Java applications, I've noticed that some frameworks now support a Marker[1] (e.g. it is in log4j 2.x and slf4j) - has anybody tried using Marker to solve this problem and how have people translated Marker to the Syslog world?

1. http://logging.apache.org/log4j/2.x/manual/markers.html

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
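The two options raised in the post, a LOCAL0/LOCAL1 facility split and an RFC 5424 structured-data element, sketched as an added example that is not part of the original post or of rsyslog. The SD-ID `origin@32473`, the `actionable` parameter, the host and app names and the sample events are constructed for illustration; the receiver takes the class only from the STRUCTURED-DATA field, never from the free-text MSG.

```python
import re

FACILITY = {"local0": 16, "local1": 17}  # RFC 5424 facility codes
SEV_ERR = 3                              # RFC 5424 severity "err"
SD_ID = "origin@32473"  # hypothetical SD-ID; 32473 is the RFC's example enterprise number

# PRI, VERSION, then TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
HEADER_RE = re.compile(r'<(\d{1,3})>1 (?:\S+ ){5}')
NAME = r'[^ =\]"]+'
VALUE = r'(?:[^"\\\]]|\\.)*'   # '"', '\' and ']' only appear backslash-escaped
SD_ELEM_RE = re.compile(r'\[(%s)((?: %s="%s")*)\]' % (NAME, NAME, VALUE))
PARAM_RE = re.compile(r' (%s)="(%s)"' % (NAME, VALUE))


def format_event(msg, actionable, host="app01", app="tlsd",
                 ts="2014-01-01T00:00:00Z"):
    """Sender side: encode the class in both the facility and an SD-PARAM."""
    facility = FACILITY["local0" if actionable else "local1"]
    pri = facility * 8 + SEV_ERR
    sd = '[%s actionable="%s"]' % (SD_ID, "yes" if actionable else "no")
    return "<%d>1 %s %s %s - - %s %s" % (pri, ts, host, app, sd, msg)


def parse(line):
    """Receiver side: return (facility, severity, params) or None."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    pos, params = m.end(), {}
    while True:
        # SD-ELEMENTs must start exactly where the header ends; anything
        # after the last ']' is MSG and is never consulted.
        elem = SD_ELEM_RE.match(line, pos)
        if not elem:
            break
        if elem.group(1) == SD_ID:
            params = dict(PARAM_RE.findall(elem.group(2)))
        pos = elem.end()
    return facility, severity, params


def needs_page(line):
    """Page only on errors the sender marked actionable in the SD field."""
    parsed = parse(line)
    if parsed is None:
        return False  # not RFC 5424: keep it for troubleshooting, do not page
    _, severity, params = parsed
    return severity <= SEV_ERR and params.get("actionable") == "yes"
```
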

