[logs] Error messages from syslogd
Anton Chuvakin
anton at chuvakin.org
Fri Jul 13 19:47:01 PDT 2007
> I think this is a beautiful discussion.
No kidding! :-)
I think it has another important dimension: I would like to opine that
a programmer (not sure good, bad or an ugly one..) should be allowed
and encouraged to write whatever he wants to a log file (not
necessarily syslog, but syslog as well) up to and including 'line 10
executed OK' :-)
However, there are two critical conditions which make the above
"beautiful" rather than ugly:
1. the meaning and purpose of each recorded message should be clear to
BOTH humans (e.g. be human readable and understandable or documented)
and systems (e.g. have a unique documented message type ID)
2. if dumping to syslog, there should be a clear way to a) filter or
b) turn on/off this message (e.g. debug flag)
Other than that, all bets are off. More info in logs is better AS LONG
AS you can understand it or throw it away (again, see conditions
above)
BTW, what is a crash dump? :-) I dunno ... and I don't know anyone who does :-)
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
More information about the LogAnalysis
mailing list