To use syslog or not [closed]

Solution 1:

If this is an app you're writing or at least can influence, then use syslog and consider having the facility you log under configurable. This way an admin can choose to log to one of the standard facilities, or use one of the local facilities (i.e., local0 through local9), which, through the magic of syslog.conf, can be sent to a different file (local0.debug /var/log/myapp.log).

Using syslog also means you can take advantage of remote logging if you want to send log messages from many servers running the same software to a single logging server.

However, it also depends on what it is you're logging and how frequently. Apache, for example, has its own logfiles due to the amount of data it creates - it makes much more sense for it to manage its own logging mechanism so syslog doesn't become a bottleneck or get swamped with data.

Ultimately you know what you want to log, how frequently, and how much data this is. You also know the app and whether it's multithreaded (lots of requests, and therefore competing for a single log file) or not. Without any detail of what you want to do/achieve, it is only possible to generalise.
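
An added example (not part of the original answer) of an application whose syslog facility is configurable, so that a syslog.conf rule such as `local0.debug /var/log/myapp.log` can route it. The names `resolve_facility`, `pri`, `build_logger`, the tag `myapp`, the `MYAPP_SYSLOG_FACILITY` variable and the default address are assumptions made for illustration.

```python
import logging
import logging.handlers
import os

SysLogHandler = logging.handlers.SysLogHandler


def resolve_facility(name):
    """Map a configured facility name (e.g. "local0") to its numeric code."""
    key = name.strip().lower()
    # facility_names is the standard library's table (it defines local0..local7).
    # Reject unknown names so a typo in the config fails loudly at startup
    # instead of sending the application's logs to an unexpected file.
    if key not in SysLogHandler.facility_names:
        raise ValueError(f"unknown syslog facility: {name!r}")
    return SysLogHandler.facility_names[key]


def pri(facility, severity):
    """PRI value that prefixes every syslog message: facility * 8 + severity."""
    return (facility << 3) | severity


def build_logger(facility_name, address=("127.0.0.1", 514), tag="myapp"):
    """Return a logger that sends to syslog under the configured facility.

    `address` is a (host, port) pair for UDP; point it at a central log
    server for remote logging, or pass "/dev/log" for the local daemon.
    """
    handler = SysLogHandler(address=address,
                            facility=resolve_facility(facility_name))
    handler.setFormatter(
        logging.Formatter(f"{tag}[%(process)d]: %(levelname)s %(message)s"))
    logger = logging.getLogger(f"{tag}.{facility_name}")
    logger.setLevel(logging.DEBUG)
    logger.handlers = [handler]   # replace, so repeated calls do not duplicate
    logger.propagate = False
    return logger


if __name__ == "__main__":
    # MYAPP_SYSLOG_FACILITY is a hypothetical setting name for this example.
    log = build_logger(os.environ.get("MYAPP_SYSLOG_FACILITY", "local0"))
    log.info("service started")   # sent with PRI <134> (local0.info)
```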

Solution 2:

We syslog to Splunk. It gets expensive, but it means we have so much more information available to us in one place: we can graph logged incidents over time, raise alerts, etc. So yes, you need to syslog, but how you do it is up to you.