- Is it possible to create a "general" log monitoring facility
  or toolkit that requires configuration (rather than re-coding) to solve
  most problems, and is thus easily usable by novice system administrators?
- What features should such a facility or toolkit contain?
- Can templates (possibly sets of regexes -- or, better,
  SNOBOL patterns) be used to handle differences in logging formats and methods
  between applications (e.g. sendmail, Apache, tcpdump, etc.)?
- Existing generalized log monitors are primitive, but provide
  some implementation ideas. They include:
- What changes need to be made to syslogd to make such a
  facility useful and reliable?
- Can such a general facility become a distinguishing feature
  of BSD UNIX-based operating systems?