This is a wiki page. Be bold and improve it!
If you have any questions about the content on this page, don't hesitate to open a new ticket and we'll do our best to assist you.
There are several different system loggers. The best strategy for you would be to use whichever one comes as default with your distribution. On Ubuntu systems, the default is rsyslog.
why does the world need another syslogd? (aka rsyslog vs. syslog-ng)
(an interesting read, providing some insight into different ways of thinking in the open source software world.)
rsyslog vs. syslog-ng
(outdated document. It boils down to a choice of licenses and different perspective on open source software).
Importance of logs
Logs are important, especially with regard to error logs. When trying to troubleshoot a problem, the first thing a user should do is check the error logs.
Unfortunately, the logs by some applications are not clear, not complete or even misleading.
Logs, especially error logs, should provide:
- a clear timestamp.
- an error code that can tie the error to a specific place in the code, making it easier to debug the application.
- a clear error message, indicating what went wrong.
- a clear indication on how the user could remedy the situation and where documentation relevant to the error can be found (man page section, web page, etc.)
Each application apparently implements its own log, with its own format. What's worse, some logs are now increasingly maintained in a binary format.
What logging format exist? Where are they documented?
Some application have separate logs for error and for normal operations. Others combine those in the same log file.