To use syslog or not [closed]
Solution 1:
If this is an app you're writing or at least can influence, then use syslog and consider having the facility you log under configurable, this way an admin can choose to log to one of the standard facilities, or use one of the local facilities (i.e, those that are local0
thru' local9
) which, through the magic of syslog.conf, can be sent to a different file (local0.debug /var/log/myapp.log
).
Using syslog also means you can take advantage of remote logging if you want to send log messages from many servers running the same software to a single logging server.
However it also depends what it is you're logging at how frequently. Apache, for example, has it's own logfiles due to the amount of data it creates - it makes much more sense for it to manage its own logging mechanism so syslog doesn't become a bottleneck or swamped with data.
Ultimately you know what you want to log, how frequently, and how much data this is. You also know the app and whether it's multithreaded (lots of requests, and therefore competing resource for a single log file) or not. Without any detail of what you want to do/achieve, it is only possible to generalise.
Solution 2:
We syslog to Splunk, it gets expensive but it means we have so much more information available to us in one place, we can graph logged incidents over time, raise alerts etc. So yes, you need to syslog but how you do it is up to you.