Re: [logs] Best Practices for Application Logging

From: todd glassey (todd.glasseyat_private)
Date: Thu Oct 11 2001 - 12:51:08 PDT

  • Next message: Tina Bird: "[logs] blatant self-promotion"

    ----- Original Message -----
    From: "Fred Mobach" <fredat_private>
    To: "Hal Snyder" <halat_private>
    Cc: "Log Analysis Mailing List" <loganalysisat_private>
    Sent: Thursday, October 11, 2001 12:31 PM
    Subject: Re: [logs] Best Practices for Application Logging
    
    
    > Hello,
    >
    > That's a great post, simple and straight. You'll have of course your
    > reasons for doing so and I have to admit that I mostly use the same
    > strategy. However, one not so minor detail in my strategy is different.
    >
    > Where you are looking for interesting items and emails those to the
    > selected staff I unselect uninteresting messages and post the remaining
    > messages to :
    > - known messages to the operators for that software package,
    > - unknown messages to the security officers.
    > The latter because I never know beforehand what's going on.
    >
    > Regards,
    >
    > Fred
    >
    > Hal Snyder wrote:
    > >
    > > Not sure exactly what "building an enterprise logging infrastructure"
    > > is, but here is an offering based on several years' experience with
    > > the data network for a small computer telephony company.
    > >
    > > As you will see, I have trouble separating logging from monitoring.
    > >
    > > HTH.
    > >
    > > <<big snip>>
    > >
    > > 6. Keep log delivery simple.
    > >
    > >    Keep to an absolute minimum the number of steps between the
    > >    system creating log information and the person who needs it. The
    > >    more complex a system is to configure and maintain, the less
    > >    likely it is to be used. Avoid glitz and eye candy.
    > >
    > >    The #1 most successful use of logging we have today simply scoops
    > >    up new log content, looks for interesting items, and emails
    > >    selected staff. This is after multiple generations of all sorts of
    > >    more complicated stuff. We still run fancy GUIfied monitoring
    > >    screens, but that is mainly for the visitors. :)
    
    
    And for the most part the content captured will not stand up in court since
    there is no way to tell where the logging data come from or how it was
    managed. Further it is your testimony that substantiates the even making you
    the lynchpin of the trust model. That is exactly the weakness that we need
    to address. Removing human culpability from the equation.
    
    
    >
    > --
    > Fred Mobach - fredat_private - postmasterat_private
    > Systemhouse Mobach bv - The Netherlands - since 1976
    >
    > quo usque tandem abutere patientia nostra de fenestris ?
    >
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    >
    >
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 14:13:39 PDT