Re: FW: [logs] Logging in the real world

• Previous message: Coffman, Tony: "[logs] Windows shutdown"
• Next in thread: Russell Fulton: "Re: FW: [logs] Logging in the real world"
• Reply: Russell Fulton: "Re: FW: [logs] Logging in the real world"
• Reply: Karl Vogel: "[logs] Can we build on existing software?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Jan 2003, Rainer Gerhards wrote:

> I now see the reasoning for Ogle Ron's post.... The list might have
> become a little bit too implementor-driven. Lot's of code, APIs and that
> stuff. How do you feel about this? I can understand that those
> interested in pure log analysis feel the list is to busy with noise from
> there point of view. On the other hand I fear by moving this discussion
> to a separate list, much feedback will be lost forever... So I am
> handing this thought to the wise list owner ;)

Ah, the endless question of signal to noise.

Well, as one of the most vocal system administrators on this list, I have
some sympathy for the "could we get back to talkign about what I >do< with
all this data" point of view (as people will recognize from my occasional
postings to try to pull things back to lists of messages we'd like to have
but don't have yet, messages we'd like to count to figure out normal
activity on the network, and single-or-few line messages that indicate
chaos is about to erupt.  And admittedly a lot of the recent discussion
doesn't help much with those bits of My Quest.

But I feel rather more strongly about the vast quantities of discussion
about things like log parsing and normalization.  Wow we've been having a
>lot< of good discussions, code is getting written, and people who are
writing the code are actually listening to me and the other "end users" on
the list.  And I also agree that moving the discussion somewhere else (and
where would it go, anyhow?) would destroy a lot of momentum.  Not worth
it.

In the long run, having dev and engineering questions in the same "space"
occupied by a bunch of system administrators can hardly be a bad thing.

So please, feel free -- uninterested readers can delete -- and if anyone
wants to talk about *sigh* what kind of events they want to analyze or
their favorite tool for monitoring a particular system or things like
that, that would be just grand ;-)

tbird

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Rainer Gerhards: "RE: [logs] RE: syslog/tcp (selp)"
• Previous message: Coffman, Tony: "[logs] Windows shutdown"
• Next in thread: Russell Fulton: "Re: FW: [logs] Logging in the real world"
• Reply: Russell Fulton: "Re: FW: [logs] Logging in the real world"
• Reply: Karl Vogel: "[logs] Can we build on existing software?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 08:56:36 PST