[colug-432] syslog facilities

Brian Miller bnmille at gmail.com
Wed Apr 9 11:40:08 EDT 2014


On 04/09/2014 11:07 AM, Jon Miller wrote:
>
> Rick Hornsby <richardjhornsby at gmail.com> writes:
>
>> Curious about opinions on syslog facilities, specifically when your
>> [r]syslog server is set up to accept logs from remote sources. Says the
>> RFC, the enumerated facilities are:


>> I realize the names are just labels, but I like to do things correctly and not just make it up as I go along. I want, as much as possible, the next guy who comes after me not to scratch his head wondering what kind of nonsense I came up with.
>>
>>
>> If you're using a syslog server (for example) to accept HTTP access logs from load balancers, which facility is the "correct" one? We're using local0 right now, but that feels kind of hack-ish because local is supposed to be for local stuff, not remote stuff?
>>
>>
>> What is the convention for choosing a facility to handle remote logs?
>
> I've always used one of the localN facilities myself. I like to think of
> "local" as in "local institution" in that it's our playground for managing
> the syslog traffic that we deliberately care about. And if I were the next
> guy after you, I certainly wouldn't be scratching my head about using
> local0.
>

I think as long as your rsyslog.conf file has some comment in it that 
says "this next line is to put all of the http access logs from our load 
balancer in one place", it should be pretty clear what you are trying to do.
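
A commented rule of the kind suggested above, as an added example that is not part of the original message. The file name and log path are hypothetical, and it assumes the server already accepts remote syslog and that the load balancers send on local0 as described in the thread:

```conf
# /etc/rsyslog.d/lb-http.conf  (hypothetical file name)
#
# Facility assignment at this site:
#   local0 (facility code 16) = HTTP access logs sent by the load
#   balancers, i.e. remote sources, not anything on this host.
#
# This next rule puts all of the HTTP access logs from our load
# balancers in one place. The log path is an assumed example.
local0.*    /var/log/lb/http-access.log

# Stop processing local0 messages here so they are not also written by
# the catch-all rules (such as the one for /var/log/messages) that
# follow. This file must be read before those rules for that to work.
# Older rsyslog releases use "& ~" for the same discard action.
& stop
```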




