|
|
|
|
|
|
by dragonne
3294 days ago
|
|
|
This, a thousand times this. Failing that, though, at least change the default rsyslog configuration such that: * Timestamps are not ambiguous (the default includes no timezone offset) * Timestamps are higher resolution (milliseconds at least, but preferably microseconds) * The syslog severity/priority is not discarded (tools which display these files must use disgusting heuristics like searching for "err" to highlight errors) * Rate limiting is disabled, as rsyslog sees all messages as coming from journald. This means that a misbehaving (chatty) application can cause critical messages from other apps to be dropped. journald does its own (per-source) rate limiting anyway. * /var/log/syslog is rotated by size as well as time, so a misbehaving program can't easily fill up the partition which contains that file by accident. The current default is 1/day rotation, with no size limit. |
|
|