On a default Debian installation both cron and PowerDNS will log into /varlog/syslog. If you are running very frequent cron jobs (like every 5 minutes) or an active PowerDNS server (or recursor), you’ll find syslog will be completely clogged with mostly unimportant messages. The solution of course, is to have these two services output log messages to their own log files.

In Debian Linux, you’ll need to change a few configuration files. First in open /etc/rsyslog.conf and change the following line:

*.*;auth,authpriv.none          -/var/log/syslog

into this (basically add local0 and cron to the list of things not to log into syslog):

*.*;local0,cron,auth,authpriv.none          -/var/log/syslog

Then uncomment the line just below that (remove # sign):

cron.*                         -/var/log/cron.log

If you do not run PowerDNS you can skip to the end of this post. If you do run PowerDNS (server or recursor) create the file /etc/rsyslog.d/pdns.conf (for example using the command nano -w /etc/rsyslog.d/pdns.conf) with the following contents:

local0.* -/var/log/pdns.log

Then update your PowerDNS configuration to make use of this file by changing the following section in either /etc/powerdns/pdns.conf and/or /etc/powerdns/recursor.conf

#################################
# logging-facility      Facility to log messages as. 0 corresponds to local0
#
logging-facility=0

As you can see, uncomment the logging-facility line and set it to 0. After this reboot PowerDNS.

In order for the PowerDNS log file not to grow out of control, you might want to add it to the list of log files that should be rotated by editing /etc/logrotate.d/rsyslog and adding /var/log/pdns.log to the list of log files (I typically add this line below /var/log/messages just before the opening { bracket):

/var/log/messages
/var/log/pdns.log
{

Finally restart rsyslog by running /etc/init.d/rsyslog restart