[logs] Re: tenshi 0.4

From: Andrea Barisani (andrea@private)
Date: Fri Jan 06 2006 - 05:48:17 PST


On Thu, Jan 05, 2006 at 03:42:54PM -0500, Anton Chuvakin wrote:
> How about a page on 'why wasabi and not logwatch, logsentry, sec, etc,
> etc, etc?'

Yeah, we always talked about it and maybe we should put a page about it. I'd
rather encourage people to use tenshi (formerly known as wasabi) rather than
deciding on a comparison. There are no definitive points against one or other
apps for most people, sometimes you just have to "feel" what works for you.

Anyway the biggest differences against logcheck/logsentry (besides tenshi
being actively maintained) is flexibility, tenshi is much more powerful in how 
the reports should be assigned/constructed, and the whole concept of queues and 
timing of the different queue checks that logsentry lacks. We also like to
think that tenshi is cleaner implementation/documentation and
packaging wise ;). Tenshi also runs as a daemon btw and it's not driven by 
crontab.

We should also put a huge entry in our future FAQ saying "we are not swatch!"
since when tenshi came out everyone was asking why are we doing this since
swatch is out there. Again swatch has no concept of queues and we don't
provide an exec target atm along with no interactive things like the "beep"
action. Tenshi's main point is summarization (along with instant notifications) and
that's something swatch can't do (like logsentry). We don't have throttling
btw (while swatch has something for that), but it wasn't an immediate need
since summarization is what we rely on. I think that with the threshold thing
you can have swatch doing something similar to tenshi anyway but still
tenshi should provide a better/easier implementation for these kinds of things.
Swatch seems over-complicated to us.

Logwatch values its default set of rules, we don't have such a thing and we ask
users to understand and feed their own rules, and let's say that we find
logwatch messy and overly complicated for what it has to do.

No rants intended here, it's just a matter of personal preferences. It's good
to have many choices and we are not seeing this as a competition ;). Our main
objective was providing something powerful and actually useful without
overcomplicating configuration and the code, performance was also a main
issue for us along with a clean distribution/packaging.

If you have never used tenshi I encourage you to try it out and say why it
sucks/works for you, feedback is always welcome.

Cheers!

-- 
Andrea Barisani                             Inverse Path Ltd
Chief Security Engineer                     -----> <--------

<andrea@private>          http://www.inversepath.com
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
       "Pluralitas non est ponenda sine necessitate"
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis