On Thu, 14 Jan 2010, Seth Vidal wrote:
I did a little spelunking around our system and I have some suggestions
for the logging infrastructure. We have enough hosts and complexity that
log analysis will help us know when something is misconfigured or flapping
in a weird way.
1. logs in /var/log/hosts on log1 are not consistently named - sometimes
they are being reported with IPs, sometimes with short hostname, sometimes
with fqdn. It needs to be made consistent.
Now that we control reverse lookups this should be easy.
2. we need to make sure we clean up old logs from the above, too.
I asked smooge to look into this this morning :)
3. the structure of the log dir doesn't seem to match what we'd normally
see in /var/log on any host. They are being logged as a different dir per
day, which is great, but it'd be good if rsyslog was putting in the same
file structure as a normal set of logs so normal log analysis tools will
work on it.
Where would /var/log/messages on bastion from 2009-03-01 exist?
5. Grouping the logs by type of service would also help look at
group/service trending and issues, especially if an issue is only popping
up on one box.
We can probably do this with symlinks.
-Mike