Re: [logs] Best Practices for Application Logging

From: Nate Campi (nateat_private)
Date: Thu Oct 11 2001 - 12:56:56 PDT

  • Next message: Hal Snyder: "Re: [logs] Best Practices for Application Logging"

    On Thu, Oct 11, 2001 at 09:31:39PM +0200, Fred Mobach wrote:
    > Hello,
    > 
    > That's a great post, simple and straight. You'll have of course your
    > reasons for doing so and I have to admit that I mostly use the same
    > strategy. However, one not so minor detail in my strategy is different.
    > 
    > Where you are looking for interesting items and emails those to the
    > selected staff I unselect uninteresting messages and post the remaining
    > messages to :
    > - known messages to the operators for that software package,
    > - unknown messages to the security officers.
    > The latter because I never know beforehand what's going on.
    
    I don't want this to be a "me too" message, but me too! ;)
    
    I took a hard look at different ways to monitor logfiles, and came to
    the conclusion that tools like swatch and logsurfer which alert you to
    preconfigured events are essential, they don't address the whole
    problem.
    
    Tools that take the approach of logcheck, of showing you that which you
    have not explicitly chosen to ignore are the most useful (though perhaps
    noisy at times).
    
    FWIW, I use swatch and (a modified) logcheck in my centralized syslog
    loghost implementation, and find they complement each other very well.
    -- 
    Nate Campi, UNIX Ops WiReD SF, Terra Lycos DNS, (415) 276-8678  
    
     "During the million-dollar BIND 9 rewrite, Paul Vixie characterized the
     original BIND code as `sleazeware produced in a drunken fury by a bunch
     of U C Berkeley grad students.'" - DJB cr.yp.to/djbdns/blurb/unbind.html
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 14:09:48 PDT