分类: LINUX
2008-03-03 21:47:46
This section provides general tips and recommendations on using syslog-ng. Some of the recommendations are detailed in the subsequent sections.
# 注释 :该部分提供一些关于 syslog-ng 的使用方面的技巧和建议
# -)1、不要只依赖 facility 来分离日志信息,因为不同的程序可以使用相同的 facility ,应该使用应用程序名
# -)2、一般的日志消息中的时间戳不含年份信息,建议换成 ISO 格式的时间戳。
# -)3、如果启用 DNS 查询,会降低 syslog-ng 的性能。
Do not base the separation of log messages into different files on the facility parameter. As several applications
and processes can use the same facility, the facility does not identify the
application that sent the message. By default, the facility parameter is not even included in the
log message itself. In general, sorting the log messages into several different
files can make finding specific log messages difficult. If you must create
separate log files, use the application name.
Standard log messages include the local time of the sending host, without any time zone information. It is recommended to replace this timestamp with an ISODATE timestamp, because the ISODATE format includes the year and timezone as well. To convert all timestamps to the ISODATE format, include the following line in the syslog-ng configuration file:
options {ts_format(iso)};
Resolving the IP addresses of the clients to domain names can decrease the performance of syslog-ng. See for details.