[logs] Error messages from syslogd

[Marcus J. Ranum]

Rainer Gerhards wrote:
>Any ideas for an improved handling of such situations are appreciated.

The whole problem started when the notion of "system console"
got lost in the shuffle of the late 80's. Because everything moved
to headless networked systems, the system log took over, in
effect, for the console log. Which was a really bad thing because
it meant that you were logging notifications about failure through
the same system that was potentially subject to the failure.

Anyone ever seen a syslog message like:
(datetime) syslogd: /var/log filesystem full
Yeah, I didn't think so. :)

Unfortunately, network console never really happened in the
late 80's (Paul Vixie did some really bad-ass work with a
networked KVMoid thingie for ULTRIX that never got outside
of DEC West) and the modus operandi for figuring out
what was wrong became a case of
tail /var/log/messages
instead of walking to the console.

Let me summarize my view of the tragedy of system
logging thusly:
        Eric brought all the logs together in one place, and saw that
        it was good, because they could then be processed with a
        single invocation to the god 'rm'. And the system loggers
        came, and bewailed the complexity of log data - because
        it was all jumbled together. So the loggers girded up their
        loins and burned many regexps and awk scripts in
        sacrifice and were able to eventually separate the logs
        into separate application-specific data sets, thereby
        undoing the work of the Mighty Eric at great expense.
        And they thought that it was good.

mjr.