[asterisk-users] OT - best policy for logs

Steve Edwards asterisk.org at sedwards.com
Thu Nov 15 13:31:49 CST 2007 

On Thu, 15 Nov 2007, Jay R. Ashworth wrote:

> On Thu, Nov 15, 2007 at 07:29:29PM +0100, Olivier wrote:
>>    Which is the best way to manage logs ?
>>    Would you centralize and "mix" logs from Linux, Asterisk, syslog and others
>>    or keep them separate ?
>
> In my experience, it's easier to combine them all into one syslog
> server, and then utilize tools to filter them apart when necessary,
> since there are more tools to do that than to *combine* them when that
> is necessary, which it often is.

99.9999% of all logs are useless and never looked at. I configure all 
applications to log to syslog, all hosts to syslog to a single host, and 
the loghost logs everything in a single file.

Each night I "rotate" the single log file by "mv'ing" it to append just 
the day of the month, create a new log file, and HUP syslogd.

This way, none of the other systems run out of disk space from excessive 
logging and require no maintenance. The syslog host's disk usage will 
stabilize after about a month.

With all of the logging in a single file, you can filter to your heart's 
content and notice patterns or errors you would have missed otherwise. 
Also, (assuming you use ntp) it makes it easier to see what other systems 
were doing at an interval of interest.

If you have a problem, you have the last [28|30|31] days of logs to look 
at. If you haven't noticed a problem after 30 days, either it wasn't that 
big of a deal or you have much bigger problems :)

The performance implications can be astounding. One client had a web host 
with dozens of sites. Each site logged it's accesses to a separate file. 
Combining all of the accesses to a single stream logged on a separate host 
turned a abysmally performing site (because the disk was being hammered by 
bouncing between all of the log files scattered about) into a very 
reasonably performing system.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards      sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                             Fax: +1-760-731-3000

More information about the asterisk-users mailing list