Setting up centralized logging
Linux servers are typically configured to use a syslog-based logging system for handling events. There is a wide collection of syslog implementations, each with its own take on log handling. By default, Ubuntu servers are configured with rsyslog, which is a fast and full-featured syslog implementation.
The configuration for rsyslog is defined in /etc/rsyslog.conf, as well as in any *.conf files included in /etc/rsyslog.d/. If you look in /etc/rsyslog.d/50-default.conf, you will see configuration entries, such as:
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
The left-hand side is the selector: the facility and severity of the syslog events, written as facility.severity. You can specify more than one facility by separating the values with commas. For example, the auth,authpriv.* selector shown above logs both the auth and authpriv facilities at all severities to /var/log/auth.log. The syslog protocol allows for 24 different facilities (0-23), including ones...
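To check where a given event ends up under the selectors above, the following added example (not code from the book or from rsyslog) evaluates rules against a message's facility and severity. It models only a subset of the selector syntax, and the names selector_matches, destinations and CONFIG, as well as the third rule, are constructed for illustration.

```python
# Severity keywords, most severe (0) to least severe (7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALL_SEVERITIES = 0xFF  # one bit per severity

def selector_matches(selector, facility, severity):
    """Return True if the selector picks a message with this facility/severity.

    Subset only: comma-separated facilities, '*', 'none', and a named
    severity (that level and anything more severe). '=' and '!' are not handled.
    """
    mask = 0  # bit n set => severity n is selected for this facility
    for part in selector.split(";"):
        facilities, _, level = part.strip().rpartition(".")
        names = facilities.split(",")
        if facility not in names and "*" not in names:
            continue  # this part says nothing about our facility
        if level == "none":
            mask = 0
        elif level == "*":
            mask = ALL_SEVERITIES
        else:
            mask |= (1 << (SEVERITIES.index(level) + 1)) - 1
    return bool(mask & (1 << SEVERITIES.index(severity)))

def destinations(config, facility, severity):
    """List the files that would receive the message, in rule order."""
    files = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        # A leading '-' on a file action means "do not sync after each write".
        if selector_matches(selector, facility, severity):
            files.append(action.strip().lstrip("-"))
    return files

# First two rules are the entries quoted above; the third is constructed.
CONFIG = """
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
mail.err                 /var/log/mail.err
"""

if __name__ == "__main__":
    for fac, sev in [("authpriv", "info"), ("cron", "info"), ("mail", "crit")]:
        print(f"{fac}.{sev} ->", destinations(CONFIG, fac, sev))
```

The authpriv case shows why authentication events never appear in /var/log/syslog on a default install: the auth,authpriv.none part removes them after *.* has selected everything.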