Syslog is not updating
Due to this some architectural decisions made in syslog are suboptimal.
Still attempt to improve syslog such as proved to be only half-successful.
Here anomaly detection analyzers can probably be more useful.
The key file that is influencing syslog behavior is file.
In Linux this is logrotate Believe it or not, but syslog was create as "afterthought".
It was initially created for sendmail and became part of Unix only later.
In some implementations actions can be combined (using comma with optional space as separators), for example: .
The macro then can evaluate if log file are to be help locally or on a remote system, or a combination of both.
The selector list is a semicolon-separated list of priority specifications in the following format: facility.level; facility.level.
Traditionally it contains two columns called the selection and action, respectively.
Since our monitoring script notified us that one of our domains wasn’t responding for a few minutes last time, I checked all files in /var/log on the server hosting this domain.