« Recent goings-on with the Core Storage Fabric | Main | more AFS oddness »

syslog-ng on loghost

The syslog daemon on loghost has been switched to syslogng.

Syslogng totally rocks.

A couple things have changed:

* Current log files will be named /var/syslog/messages., where Day is like "Mon" or "Tue" or whatever. It'll automatically reset the logfile to the next day when it rolls around, and empty out last week's day-log when it's time to.

* Archives are now in /var/syslog/backup//..
They'll be in plain text for 10 days or so, then bzip'ed once they've gotten old enough. These are written in real-time with the current log file

* Playing with the idea of filtering out logs for various services (such as mail transport) to separate files. Look at /var/syslog/services/ for an example.

* The log format line has changed. It is now sane.
2005 10 27 16:36:01 -0500 mr6.umbc.edu [notice] imapd[12753]: maildir_open: /afs
/umbc.edu/users/t/g/tgindlin/Mail///inbox/cur

The date is the date of arrival to the syslog server, /not/ the date that the sending host decided to "send." Notice, we've got year and GMT offset!

However, on the other hand, syslog-ng takes up more CPU to do all of this coolness. So, I've ordered a new syslog server out of our "maintenance funds". A shiny, sparkly, new Sun X2100. "X" stands for X-treme.

Posted by Rob Banz on October 27, 2005 7:06 PM |

Post a comment

Search


About

This page contains a single entry from the blog posted on October 27, 2005 7:06 PM.

The previous post in this blog was Recent goings-on with the Core Storage Fabric.

The next post in this blog is more AFS oddness.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.34