I am developing many applications that working together and now having discussion how to consolidate logs. What I am seeing from many applications, they all dump logs to /var/log/ or any directory related to application itself.
Ex. /var/log/hadoop, /var/log/access_log, etc.
But my colleague said "just put everything in Syslog". So, everything is centralised and easy to troubleshoot. We don't have to know where log is setting in each application.
So, what is the advantage of using syslog over putting log file in your own application? Is it just developer centric to put log file in /var/log/ or any directory of their choices? or it is actually the best practice over syslog?
When you send your logs to syslog, logs can be processed by the syslog daemon (rsyslog for instance) in various ways:
In fact I don't see any good reason to write logs directly to some file.