[OpenAFS] Re: Proposed changes for server log rotation
Jason Edgecombe
jason@rampaginggeek.com
Sat, 04 Dec 2010 11:17:22 -0500
On 12/04/2010 10:38 AM, Chas Williams (CONTRACTOR) wrote:
> In message<20101203155612.e7a694f5.adeason@sinenomine.net>,Andrew Deason writes:
>
>> On Fri, 3 Dec 2010 13:00:37 -0500
>> chas williams - CONTRACTOR<chas@cmf.nrl.navy.mil> wrote:
>>
>>
>>> On Fri, 3 Dec 2010 10:53:08 -0600
>>> Andrew Deason<adeason@sinenomine.net> wrote:
>>>
>>>
>>>> Why lose the logs? It's already annoying enough when I get told a
>>>> "vos release" failed and there's no record of the "vos" output.
>>>> That's going to make my life difficult when someone can't remember
>>>> when or what they salvaged by hand.
>>>>
>>> are you sure you dont want auditing instead of attempting to use the
>>> logs to reverse engineer what happened.
>>>
>> ? An audit log may tell me what command was issued, but won't tell me
>> what the salvager actually salvaged (or why it did _not_ salvage
>> something), or what it did to which vnodes, etc.
>>
> it still isnt clear to me that i should expect the standard tools to
> tell me what someone else did. i can understand wanting to see what
> some tool might have done automatically because of a restart (or some
> other failure).
>
> if your other admin cant remember what he did, perhaps he should be
> an admin. if the other admin cant tell you what he did, perhaps he
> shouldnt be an admin. logging isnt meant to solve 'social' issues.
>
> yes, this seems draconian but the only solution is audting/logging inside
> the servers of all the commands so you can completely reconstruct what
> the other admins are doing. some people might like this but it really
> seems like too much to me.
(...re-sent to list...)
Some organizations, like banks, are required to have audit trails for
many operations. I don't know the regulations, but these logs might not
be just for social reasons. In some industries, draconian might be
considered a desirable feature.
Jason