Logging varies by source in some cases, such as Apache and MySQL. I like
to push everything through syslog instead of apps writing their own logs
directly. This centralization makes it much easier to manage logs when
dealing with more than a handful of machines, where one or more central
log repository server(s) is ideal. I really like syslog-ng for this
purpose and separate out logs by host or groups of similar hosts, and
optionally break them down by application, or even a subset of that as
needed, into separate log files and directories.

For example, logging very busy Cisco IOS DHCP servers yields more than a
gig of raw logs every day. I have 7 of these hosts' DHCP logs going into
a single file. Then I have a subset of that DHCP log data, DHCPACKs in
this case, matched based on a regex in the syslog config, go to yet
another file for extremely fast scripted searches because this file is
tiny compared to the full DHCP log.

Coupled with log rotation using logrotate you can accomplish pretty much
anything you need.

The syslog-ng website and mailing list archives no doubt have a lot of
good documentation about logging techniques and practices:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/bk01-toc.html 

I am sure rsyslog does as well, but the complexity of its config files
and the quality of its documentation (finding the right document on
their site is sometimes very tough) have been a big turnoff for me; it
always reminded me of sendmail a bit.

One of the important keys is to make sure your system writing the logs
(be it a separate server and/or the local machine itself) has fairly
accurate time synchronization so you can accurately correlate events.
You can move to an event correlation system like Splunk to help group
logged activities together and flag certain thresholds/conditions. A
simpler method would be to use something like swatch.

On Tue, 2010-11-23 at 12:14 -0600, r j wrote:

> I am seeking a good guide to log files.
> 
> I recently came across a friend's computer with an X failure and no
> record of it in the var/log/xorg0.log
> I would like to know more about Apache logs and MySQL logs.
> Is there an all-in-one reference about logging for Linux or should I
> just be content with the online docs regarding logs from
> Apache, X, MySQL, etc.?
> Thanks for any help you can give.
>   
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
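The layout described in the reply above (all DHCP server logs in one file, the DHCPACK subset split out by a regex filter, everything else separated per host) could look like this in syslog-ng. This is an added example and not the poster's actual configuration; the source name, UDP port 514, the `dhcp-rtr1` to `dhcp-rtr7` hostnames and all file paths are assumptions.

```conf
@version: 3.2

# Central log server: accept remote syslog (assumed transport: UDP port 514).
source s_remote { udp(ip("0.0.0.0") port(514)); };

# The seven DHCP servers, matched by hostname (hostnames are assumed).
filter f_dhcp_hosts { host("^dhcp-rtr[1-7]$"); };

# Only the DHCPACK lines, matched by regex against the message text.
filter f_dhcpack { match("DHCPACK" value("MESSAGE")); };

# Everything that is not from the DHCP servers.
filter f_other_hosts { not filter(f_dhcp_hosts); };

# Full DHCP log: large, rotated daily by logrotate.
destination d_dhcp_all {
    file("/var/log/remote/dhcp/dhcp.log" create_dirs(yes));
};

# DHCPACK subset: small file kept for fast scripted searches.
destination d_dhcp_ack {
    file("/var/log/remote/dhcp/dhcpack.log" create_dirs(yes));
};

# One directory per sending host for all other machines.
destination d_per_host {
    file("/var/log/remote/$HOST/messages.log" create_dirs(yes));
};

# All DHCP server messages go into the single combined file.
log { source(s_remote); filter(f_dhcp_hosts); destination(d_dhcp_all); };

# The same messages, narrowed to DHCPACK, are also copied to the small file.
log {
    source(s_remote);
    filter(f_dhcp_hosts); filter(f_dhcpack);
    destination(d_dhcp_ack);
};

# Remaining hosts are separated by hostname.
log { source(s_remote); filter(f_other_hosts); destination(d_per_host); };
```

Because `$HOST` becomes part of a file path, the listener should only be reachable from the machines that are meant to log to it.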