On Wed, Jul 17, 2013 at 01:40:27PM -0400, Matthias Clasen wrote:
It really feels like this discussion is beyond its peak usefulness.
Maybe we can give another shot of relevance by collecting a list of packages that depend on syslog (or are useless without /var/log/messages or other log files in /var/log) ?
I've heard logwatch, logrotate and fail2ban mentioned. Are there others ?
Based on looking at http://codesearch.debian.net/, with both /var/log/messages and /var/log/syslog (debian's default), I come with a handful.
logcheck. Matthias Runge was maintaining this fairly actively about 2.5 years ago and then kind of trailed off. This is a shell script.
pcp (Performance Co-Pilot). Haven't really investigated.
nova-manage (from openstack) has an awful script to extract log info from log files (tries /var/log/syslog, then falls back to /var/log/messages). This would actually be significantly nicer using journalctl.
lvmdump, which makes a tarball of lvm diagnostic reports. Currently includes "recent entries from /var/log/messages".
hplip (HP Linux Imaging and Printing Project) - includes a helper script called "logcapture" intended to search log files for printer messages for diagnostic purposes. This looks in /var/log/syslog, /var/log/messages, and /var/log/cups/error_log.
There's also epylog (maybe not in debian?)
And really not much else other than documentation and examples -- which like as not _already_ aren't applicable. For example, the sudo man page references /var/log/syslog, as does the logfilter example in the rsync documentation.