For more information on logging, see loganalysis.org and the Log Analysis Mailing List.
- Checking logs with swatch. See also sec.pl for an improved log monitoring utility.
- Improving Log Messages. How to improve the content of logs generated by Unix scripts.
- Logging with syslog-ng. How to configure syslog-ng, a replacement for the stock syslogd and standard log file rotation methods.
- Monitoring logs with sec.pl. Includes information on parsing logs and automatically updating the OpenBSD firewall.
- Problems with Log File Rotation. Covers the “send HUP signal and hope” versus “just copy and truncate” approaches used by external rotation utilities, the difficulty of backing up frequently renamed files, the difficulty of referencing logs from a certain number of days ago in rotated logs, and the additional problems that arise should a host be offline for several days.
- Problems with syslogd. Outlines limitations of the standard Unix syslogd.
Audit developer code before it goes to production: developers love to enable DEBUG-level logging. On systems with large volumes of traffic, this will slow performance and force frequent log rotation to avoid filling the entire disk with logs.