[OpenAFS] Proposed changes for server log rotation

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 02 Dec 2010 22:57:12 -0500 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB1C04BB5C45F253F1EB05B64
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 12/2/2010 10:45 PM, Russ Allbery wrote:
> Jeffrey Altman <jaltman@secure-endpoints.com> writes:
>=20
>> Of course that requires that there be a log rotation tool.  I don't
>> think that OpenAFS by default should fill the disk partition simply
>> because it is permitted to run for years without restarts and the admi=
n
>> has not configured a log rotation tool.
>=20
> This is the main reason why I think syslog logging should be the defaul=
t
> for new installations somehow.  I do realize that there are bad syslogd=
s
> in some places, and if one wants full audit logging and debugging some
> syslogds can't cope.  And I don't want to force syslog on people who
> really don't want it, nor do I really want to change behavior on upgrad=
es
> very badly.
>=20
> But every UNIX system has syslog out of the box, and every other major
> open source server application that I can think of other than Apache an=
d
> Java applications uses syslog by default, precisely because it's alread=
y
> set up to do something sane, rotate logs, etc.  That's been the case fo=
r
> decades.  AFS has always been exceptionally weird in that it does its o=
wn
> (somewhat annoying) logging rather than using the facility everyone els=
e
> uses.
>=20
> And we just don't log that much stuff by default.  If you're turning on=

> huge amounts of logging, you may want to switch to something special, b=
ut
> for the amount of stuff we log by default, syslog would be perfectly fi=
ne
> and would probably make it much easier for server administrators to fin=
d
> the logs (since they'd be in the same place they look for logs for
> everything else they run).

My one concern to switching to something like syslog by default is that
"bos getlog" will need to be re-implemented in a different fashion.




--------------enigB1C04BB5C45F253F1EB05B64
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJM+GqaAAoJENxm1CNJffh4ToUIAICQmT29vOg+WQG270deaAIr
h0lsJmxBHq8QUUl+savfS1QONTguP8i4h+3EFWpUftvsq2tTbvKT2A1Zh4/se2ER
PEGSnTEaQH0Cc0ukafC5po8/aksKZFOq7hIctzQUa3QtOLt4Fa/fpkabAXR1wiIF
Qmf2T9B61pUrknz2rJOFkKF8U8cyHSJ0Tr2r603X73ybLa9MXZcloztyuOj+X9HM
cH9AGVsSMvKT9n5VQolV/OWMNfUkgEV97MPlrk64lGADmnVuzqjPX2LQ1e6Nv+xh
FhK3kOVGgoChmJlB/d39RddsFhUSw1XLmrbkXYwt8h5bhrNGygb+P43kR9DosSo=
=4FVg
-----END PGP SIGNATURE-----

--------------enigB1C04BB5C45F253F1EB05B64--