8

Can someone make a decent case here:

I want to use syslog so logging is integrated and so I can direct it based on severity, etc., not to mention log rotate, but at the same time I like the idea of having a dedicated log file for my application, so if there are issues you can easily see info pertaining to just the application without having to do any filtering. Logging to both a dedicated file and syslog seems redundant. Can someone please convince me to use one or the other, or both.

Thanks

Atomiklan
  • Server Fault is not here to "convince you" - we're here to answer practical questions. If you rephrase your question so it's not essentially an opinion poll ("Which should I use, A or B?") we can reopen it. "How can I have per-application log files with syslog?" is one possible variant. [Chris J also gave you some good insight to consider](http://serverfault.com/a/527293/32986) below. – voretaq7 Jul 30 '13 at 17:30
  • Sorry, you are correct. I was looking for an opinion, but I guess I forgot the site guidelines. Luckily I believe I already heard exactly what I needed to hear below. Sorry for the trouble. – Atomiklan Jul 30 '13 at 18:47
  • No trouble - If you want to poll opinions you can always join us in [chat](http://chat.stackexchange.com/rooms/127/the-comms-room). We also welcome questions about logging *techniques* ("How do I..."). The only problematic bit of this question is the "which is better" angle (which as you can see from the answers is very much an "it depends" situation) – voretaq7 Jul 31 '13 at 16:52
  • Use syslog ONLY to get one point in log management. It helps very much when your installation grows up. – Paul Rudnitskiy Jul 30 '13 at 10:32

3 Answers

12

If this is an app you're writing, or at least can influence, then use syslog and consider having the facility you log under configurable. This way an admin can choose to log to one of the standard facilities, or use one of the local facilities (i.e., those that are local0 through local9) which, through the magic of syslog.conf, can be sent to a different file (`local0.debug /var/log/myapp.log`).

Using syslog also means you can take advantage of remote logging if you want to send log messages from many servers running the same software to a single logging server.

However, it also depends on what it is you're logging and how frequently. Apache, for example, has its own logfiles due to the amount of data it creates - it makes much more sense for it to manage its own logging mechanism so syslog doesn't become a bottleneck or get swamped with data.

Ultimately you know what you want to log, how frequently, and how much data this is. You also know the app and whether it's multithreaded (lots of requests, and therefore competing resource for a single log file) or not. Without any detail of what you want to do/achieve, it is only possible to generalise.

Chris J
  • Perfect answer, thank you. I was hoping everyone would have essentially the same response, i.e. use syslog. Thank you – Atomiklan Jul 30 '13 at 18:48
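
One way an application can make its syslog facility configurable, as the answer above suggests. This is an added example, not code from the answer; the `MYAPP_SYSLOG_FACILITY` variable, the `myapp` tag and the UDP address are assumptions, and Python's handler defines the local facilities local0 through local7.

```python
import logging
import logging.handlers
import os

# Facility names Python's SysLogHandler accepts: the standard ones plus local0..local7.
FACILITIES = logging.handlers.SysLogHandler.facility_names


def resolve_facility(name, default="user"):
    """Normalise a configured facility name; unknown values fall back to `default`."""
    name = (name or "").strip().lower()
    return name if name in FACILITIES else default


def build_logger(facility_name, address=("127.0.0.1", 514), ident="myapp"):
    """Return a logger that sends to syslog over UDP under the configured facility."""
    handler = logging.handlers.SysLogHandler(
        address=address,  # assumption: a syslog daemon listening on UDP 514
        facility=FACILITIES[resolve_facility(facility_name)],
    )
    # The "myapp: " prefix is the tag syslog daemons record as the program name.
    handler.setFormatter(logging.Formatter(ident + ": %(message)s"))
    logger = logging.getLogger(ident)
    logger.handlers.clear()  # keep reconfiguration from stacking duplicate handlers
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    return logger


if __name__ == "__main__":
    # Admin picks the facility, e.g. MYAPP_SYSLOG_FACILITY=local0 (hypothetical variable),
    # then routes it in syslog.conf with the rule from the answer:
    #   local0.debug    /var/log/myapp.log
    log = build_logger(os.environ.get("MYAPP_SYSLOG_FACILITY", "local0"))
    log.info("service started")        # sent as <134>myapp: service started
    log.error("backend unreachable")   # sent as <131>myapp: backend unreachable
```

The number in angle brackets is the syslog priority, facility × 8 + severity, which is what the `local0.debug` selector matches on.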
5

We syslog to Splunk, it gets expensive but it means we have so much more information available to us in one place, we can graph logged incidents over time, raise alerts etc. So yes, you need to syslog but how you do it is up to you.

Chopper3
-1

In my opinion everything belongs in syslog. If, however, you have some logs which you regularly have to keep an eye on, or get some reports out of, I would advise writing them to their own logfile. In my case we have a load balancer which we had to monitor on a daily basis; in that case I made a separate log for the load balancer, but after we verified that everything was working as intended we moved it back to syslog.

It really depends on your case, but in general use syslog.

Jeredepp