RE: [logs] most popular reports...?

From: Tina Bird (
Date: Thu Aug 19 2004 - 11:41:41 PDT

> the same story. It doesn't help you to look at them with "more"
> either.
I may be misrepresenting my esteemed colleague (I'm confident marcus will
let us >all< know if I've done that ;-), but I think his point was that
there is no point to starting with the fancy interpretive tools if you have
>not< just sat there at looked at the bloody things with "more."

Not teaching the students that using the eyeball/brain combination is
useless >by< using "more."

One of my biggest problems with the entire industry of log
analysis/visualization/SEM is that at least for the products I've looked at
closely enough to have an opinion -- they all depend on ME (the individual
system administrator) to tell them what events I care about.  I don't mean
just the trivial "I have an Extreme Alpine on my network, so I care about
messages specific to that platform."  I mean they give me all these
sophistiated architectures for building custom alerts based on what I care
about, and very little in the way of tools that help me quickly identify
things which are "odd."  Well, hell.  That's not a sufficient improvement
over the open source tools to make them worth the money...maybe it will be

yours in curmudgeonliness -- tbird

LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 11:42:02 PDT