Re: [logs] a small reminder

From: Victor Fernandes (Victor.Fernandesat_private)
Date: Mon Sep 02 2002 - 04:02:09 PDT

    My small contribution...
    
    In my opinion, before starting to formalize what events to log, the
    facilities to use, the data formats to use, etc., we could first
    categorize the events we want to log.
    
    Two main categories are obvious to me: Hardware- and Software-related
    events.
    From there we can order the events into subcategories, like:
    
    Hardware
            Main System
                    Motherboard
                            CPU
                                    Cpu0 is too hot
                    Cabinet
                            Cabinet
                                    Front port Open
                    PCI Bus
                            Card0
                                    Not responding
    .../...
            Disk Array
                    Array0
                            Disk0
                                    Down
    
    Software
            Kernel
                    Drivers
                            PCMCIA
                                    Drivers not responding
    .../...
    
            Print Services
                    Spooler daemon
                            Queue Status
                                    Queue X is full
            Network
                    Driver
                            Status
                                    Too many Half Open Connections
    .../...
    
    This will give the possibility to easily filter what is important (at a
    specific moment) and then order each event into different categories
    based on job roles or priorities (e.g. security-related events - hardware
    or software, maintenance events, etc.).
    
    Best regards,
    
    Victor Fernandes
    
    Tina Bird wrote:
    > 
    > whilst i'm enjoying the conversation about log formats and transport
    > mechanisms, i feel obliged to point out that when i kicked off discussion
    > #1 on the path to world domination, i was trying to build a list of events
    > we'd like to see logged.
    > 
    > as seems to be standard when we talk about logging, we have gone haring
    > off after how to transport the data and how to parse the data and we've
    > lost track of what bloody data we're after.  arguments about "could it be
    > standardized" notwithstanding, sniff, sniff, surely >>someone<< out there
    > has opinions about other things they'd like to see?
    > 
    > yours in attempting to maintain my thread -- tbird
    > 
    > "Wine is strong, the King is stronger, women are strongest, but TRUTH
    >           conquers all."
    > -----     Inscription in the Rosslyn Chapel (near Edinburgh, Scotland)
    > 
    > http://www.shmoo.com/~tbird
    > Log Analysis http://www.counterpane.com/log-analysis.html
    > VPN http://vpn.shmoo.com
    > 
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysisat_private
    > http://lists.shmoo.com/mailman/listinfo/loganalysis
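
The category tree proposed in the message above, turned into a small routing sketch. This is an added example, not code from the original post: the event paths and texts come from the message's tree, while the role-to-subtree mapping in ROLE_VIEWS and the function names are constructed assumptions. It matches categories per path component and reports events that no role view covers.

```python
from collections import defaultdict

def split_path(path):
    """'Hardware/Main System/Cabinet' -> ('Hardware', 'Main System', 'Cabinet')"""
    return tuple(part.strip() for part in path.split("/") if part.strip())

def under(category, prefix):
    """True if category equals prefix or lies below it, compared per component.
    A plain string startswith() would wrongly let 'Software/Network' match
    'Software/Network Services'."""
    return category[:len(prefix)] == prefix

# Events from the tree in the message: (category path, event text).
EVENTS = [
    ("Hardware/Main System/Motherboard/CPU", "Cpu0 is too hot"),
    ("Hardware/Main System/Cabinet/Cabinet", "Front port Open"),
    ("Hardware/Main System/PCI Bus/Card0", "Not responding"),
    ("Hardware/Disk Array/Array0/Disk0", "Down"),
    ("Software/Kernel/Drivers/PCMCIA", "Drivers not responding"),
    ("Software/Print Services/Spooler daemon/Queue Status", "Queue X is full"),
    ("Software/Network/Driver/Status", "Too many Half Open Connections"),
]

# Constructed assumption: the subtrees each job role subscribes to.
ROLE_VIEWS = {
    "security": ["Hardware/Main System/Cabinet", "Software/Network"],
    "maintenance": ["Hardware/Disk Array", "Hardware/Main System/Motherboard",
                    "Software/Print Services"],
}

def route(events, role_views):
    """Return ({role: [event text, ...]}, [(path, text) seen by no role])."""
    views = {r: [split_path(p) for p in ps] for r, ps in role_views.items()}
    routed, unassigned = defaultdict(list), []
    for path, text in events:
        cat = split_path(path)
        roles = [r for r, prefixes in views.items()
                 if any(under(cat, p) for p in prefixes)]
        for r in roles:
            routed[r].append(text)
        if not roles:
            unassigned.append((path, text))  # a coverage gap worth reviewing
    return dict(routed), unassigned

if __name__ == "__main__":
    routed, unassigned = route(EVENTS, ROLE_VIEWS)
    for role, texts in routed.items():
        print(role, "->", texts)
    print("seen by no role ->", unassigned)
```
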
    



    This archive was generated by hypermail 2b30 : Mon Sep 02 2002 - 19:34:46 PDT