tbird> 2) Given a particular operating system and/or system purpose tbird> (such as a UNIX mail server, or a Windows Domain Controller, or tbird> whatever), what are the (pick your favorite integer) 15 most tbird> frequently logged messages in the elusive "typical" tbird> environment? What do they mean? Do we have sample data? I think the key problem is that in order to do this, you have to define "standard" platform/usage profiles. Most of us can't even get that for the company we're working for at the time, much less across the Internet. B^) Even something as "standard" as UNIX mail server will vary. OK, what OS? Well, Solaris or Linux. Which Linux? etc... This doesn't even get to the next part of the problem: what is "normal" for a UNIX mail server? Depends. Joe's ISP and Taco stand probably doesn't have many of the problems Amazon.com does. We could probably come up with some guesses. I've always been a big believer that I'd rather have an 80% solution than wait two years for a 95% solution but I'm not sure we'd be anywhere near that accurate across all reasonable configurations. I'd also be willing to bet that in some cases, guessing wrong would be worse than doing nothing. I'll posit the next straw man to torch: what would be useful is a standardized methodology for how to turn two weeks of verbose logging into a template against which to compare "normal", "abnormal" and "catastrophic" at your particular site/application. This does assume your first point of somewhat standardized logging being available on all critical OSs and Apps. _______________________________________________ LogAnalysis mailing list LogAnalysisat_private https://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 07:23:40 PDT