Re: [logs] Best Practices for Application Logging

From: todd glassey (todd.glasseyat_private)
Date: Thu Oct 11 2001 - 12:51:08 PDT

Next message: Tina Bird: "[logs] blatant self-promotion"

Previous message: Hal Snyder: "Re: [logs] Best Practices for Application Logging"
In reply to: Fred Mobach: "Re: [logs] Best Practices for Application Logging"
Next in thread: Rich Salz: "Re: [logs] Best Practices for Application Logging"
Reply: Rich Salz: "Re: [logs] Best Practices for Application Logging"
Reply: John Ladwig: "Re: [logs] Best Practices for Application Logging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
From: "Fred Mobach" <fredat_private>
To: "Hal Snyder" <halat_private>
Cc: "Log Analysis Mailing List" <loganalysisat_private>
Sent: Thursday, October 11, 2001 12:31 PM
Subject: Re: [logs] Best Practices for Application Logging


> Hello,
>
> That's a great post, simple and straight. You'll have of course your
> reasons for doing so and I have to admit that I mostly use the same
> strategy. However, one not so minor detail in my strategy is different.
>
> Where you are looking for interesting items and emails those to the
> selected staff I unselect uninteresting messages and post the remaining
> messages to :
> - known messages to the operators for that software package,
> - unknown messages to the security officers.
> The latter because I never know beforehand what's going on.
>
> Regards,
>
> Fred
>
> Hal Snyder wrote:
> >
> > Not sure exactly what "building an enterprise logging infrastructure"
> > is, but here is an offering based on several years' experience with
> > the data network for a small computer telephony company.
> >
> > As you will see, I have trouble separating logging from monitoring.
> >
> > HTH.
> >
> > <<big snip>>
> >
> > 6. Keep log delivery simple.
> >
> >    Keep to an absolute minimum the number of steps between the
> >    system creating log information and the person who needs it. The
> >    more complex a system is to configure and maintain, the less
> >    likely it is to be used. Avoid glitz and eye candy.
> >
> >    The #1 most successful use of logging we have today simply scoops
> >    up new log content, looks for interesting items, and emails
> >    selected staff. This is after multiple generations of all sorts of
> >    more complicated stuff. We still run fancy GUIfied monitoring
> >    screens, but that is mainly for the visitors. :)


And for the most part the content captured will not stand up in court since
there is no way to tell where the logging data come from or how it was
managed. Further it is your testimony that substantiates the even making you
the lynchpin of the trust model. That is exactly the weakness that we need
to address. Removing human culpability from the equation.


>
> --
> Fred Mobach - fredat_private - postmasterat_private
> Systemhouse Mobach bv - The Netherlands - since 1976
>
> quo usque tandem abutere patientia nostra de fenestris ?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Tina Bird: "[logs] blatant self-promotion"
Previous message: Hal Snyder: "Re: [logs] Best Practices for Application Logging"
In reply to: Fred Mobach: "Re: [logs] Best Practices for Application Logging"
Next in thread: Rich Salz: "Re: [logs] Best Practices for Application Logging"
Reply: Rich Salz: "Re: [logs] Best Practices for Application Logging"
Reply: John Ladwig: "Re: [logs] Best Practices for Application Logging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 14:13:39 PDT