- Forensics. The biggest problem I have had recently is the default logrotate configuration that deletes everything after a month. You don't have to be a hacker and delete the logs; logrotate is configured to delete the logs for you.
- Structured and more parseable syslog. That is known as RFC5424, and is already supported by rsyslog. It might help to get applications to take better advantage of the new format, but a better backwards-compatible syslog has already been done and is standardized.
Can we please just take advantage of the tools we have rather than embarking on yet another NIH adventure?
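
Added example (not part of the original comment): a minimal parser for the RFC 5424 format mentioned above, showing that the header fields and structured-data parameters can be recovered without per-application regexes. The function name `parse_rfc5424` and the sample line are constructed for illustration.

```python
import re

# Header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
# One SD-ELEMENT: [id name="value" ...]; values may contain \" \\ \] escapes.
ELEMENT = re.compile(r'\[([^ =\]"]+)((?: [^ =\]"]+="(?:[^"\\\]]|\\.)*")*)\]')
PARAM = re.compile(r' ([^ =\]"]+)="((?:[^"\\\]]|\\.)*)"')
ESCAPE = re.compile(r'\\(["\\\]])')
FIELDS = ("timestamp", "hostname", "app", "procid", "msgid")


def parse_rfc5424(line):
    """Parse one RFC 5424 syslog line into a dict; raise ValueError if malformed."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri, version = int(m.group(1)), int(m.group(2))
    if pri > 191 or version != 1:
        raise ValueError("bad PRI or VERSION")
    rec = {"facility": pri >> 3, "severity": pri & 7}
    # "-" is the NILVALUE for any header field.
    rec.update({k: None if v == "-" else v for k, v in zip(FIELDS, m.groups()[2:])})
    pos, sd = m.end(), {}
    if line.startswith("-", pos):
        pos += 1
    else:
        while True:
            e = ELEMENT.match(line, pos)
            if not e:
                break
            sd[e.group(1)] = {k: ESCAPE.sub(r"\1", v) for k, v in PARAM.findall(e.group(2))}
            pos = e.end()
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    if pos < len(line) and line[pos] != " ":
        raise ValueError("garbage after STRUCTURED-DATA")
    rec["sd"], rec["msg"] = sd, line[pos + 1:]
    return rec


# Constructed sample line (not from the comment); 32473 is the RFC's example enterprise number.
SAMPLE = ('<86>1 2011-11-20T14:03:11.003Z gw1.example.org sshd 2211 - '
          '[auth@32473 user="alice" src="192.0.2.7" note="quote \\" and \\] ok"] '
          'Accepted publickey for alice')

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

A legacy BSD-style line such as `<34>Oct 11 22:14:15 host su: failed` is rejected with `ValueError`, which is a convenient way to spot applications still emitting the old format.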