On Thu, 14 Jan 2010, Seth Vidal wrote: > I did a little spelunking around our system and I have some suggestions > for the logging infrastructure. We have enough hosts and complexity that > log analysis will help us know when something is misconfigured or flapping > in a weird way. > > 1. logs in /var/log/hosts on log1 are not consistently named - sometimes > they are being reported with ips, sometimes with short hostname, sometimes > with fqdn. It needs to be made consistent > Now that we control reverse lookups this should be easy. > 2. we need to make sure we cleanup old logs from the above, too. > I asked smooge to look into this this morening :) > 3. the structure of the log dir doesn't seem to match what we'd normally > see in /var/log on any host. They are being logged as a different dir per > day, which is great, but it'd be good if rsyslog was putting in the same > file structure as a normal set of logs so normal log analysis tools will > work on it > Where would /var/log/messages on bastion from 2009-03-01 exist? > > 5. Grouping the logs by type of service would also help look at > group/service trending and issues. especially if an issue is only popping > up on one box. > We can probably do this with symlinks -Mike _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
