On Thu, 14 Jan 2010, Seth Vidal wrote:
> I did a little spelunking around our system and I have some suggestions
> for the logging infrastructure. We have enough hosts and complexity that
> log analysis will help us know when something is misconfigured or flapping
> in a weird way.
> 1. logs in /var/log/hosts on log1 are not consistently named - sometimes
> they are being reported with IPs, sometimes with short hostname, sometimes
> with FQDN. It needs to be made consistent.
Now that we control reverse lookups this should be easy.
> 2. we need to make sure we clean up old logs from the above, too.
I asked smooge to look into this this morning.
> 3. the structure of the log dir doesn't seem to match what we'd normally
> see in /var/log on any host. They are being logged as a different dir per
> day, which is great, but it'd be good if rsyslog was putting in the same
> file structure as a normal set of logs so normal log analysis tools will
> work on it
Where would /var/log/messages on bastion from 2009-03-01 exist?
> 5. Grouping the logs by type of service would also help look at
> group/service trending and issues, especially if an issue is only popping
> up on one box.
We can probably do this with symlinks.