Re: [logs] Logging: World Domination

• Previous message: Paul Ebersman: "[logs] Re: What's normal?"
• In reply to: Tina Bird: "[logs] Logging: World Domination"
• Next in thread: Raistlin: "Re: [logs] Logging: World Domination"
• Next in thread: copelandtat_private: "RE: [logs] Logging: World Domination"
• Reply: Raistlin: "Re: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

On Aug 20, 2002 at 0642 +0000, Tina Bird told the whole wide world:
> 1) What sort of state changes "should" applications and operating systems
> log in the first place?  --> A standard for programmers

Since I have a background in physics I am not sure whether we can define
state changes for applications or operating systems. In many cases a
state change is indicated by several seperate log messages within a
certain time frame. So I believe in addition to text messages
applications should provide some statistics of what they are doing. MTAs
could offer something like {delivered,blocked,returned} mails per time
frame. Similar information can be created for other applications.
Monitoring these statistics would allow a better description of state
changes. Most log parsers I use convert the log messages into statistics
that can be compared among machines running the same software which is a
good method to figure out what "normal operation" looks like.

> [...]

I have to think (i.e. look into my logs) a bit about question 2 and 3
before having any answers.

> 4) If you're a new system administrator and you're just starting to
> integrate machines into a central logging infrastructure, where should you
> start?

I believe a good point to start is to think how the generated data will
be processed. Generating lots of log data is no problem, maybe archiving
and storing can also be managed but I have seen people logging
everything without knowing what to do then.

> 5) What sort of situations do >>not<< create log data for default
> configurations of a particular operating system or application?

A practical answer is not to have log information for things we never
look at. ;-)

> [...] If we can reach any sort of consensus on these issues then we
> can actually build >>useful<< templates for swatch, logsurfer, and the
> other log parsing tools out there.

Do you intend to create these templates from scratch or you want to
improve the existing templates that are currently in use?

Cheers,
Rene

-- 
 GNU/Linux Manages! - Linux Solution Provider
  RP551296-NICAT    - Free Software for Open Minds

• application/pgp-signature attachment: stored

• Next message: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Previous message: Paul Ebersman: "[logs] Re: What's normal?"
• In reply to: Tina Bird: "[logs] Logging: World Domination"
• Next in thread: Raistlin: "Re: [logs] Logging: World Domination"
• Next in thread: copelandtat_private: "RE: [logs] Logging: World Domination"
• Reply: Raistlin: "Re: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 10:35:52 PDT