[OpenAFS] Re: Proposed changes for server log rotation

Jason Edgecombe jason@rampaginggeek.com
Sat, 04 Dec 2010 11:17:22 -0500

On 12/04/2010 10:38 AM, Chas Williams (CONTRACTOR) wrote:
> In message<20101203155612.e7a694f5.adeason@sinenomine.net>,Andrew Deason writes:
>> On Fri, 3 Dec 2010 13:00:37 -0500
>> chas williams - CONTRACTOR<chas@cmf.nrl.navy.mil>  wrote:
>>> On Fri, 3 Dec 2010 10:53:08 -0600
>>> Andrew Deason<adeason@sinenomine.net>  wrote:
>>>> Why lose the logs? It's already annoying enough when I get told a
>>>> "vos release" failed and there's no record of the "vos" output.
>>>> That's going to make my life difficult when someone can't remember
>>>> when or what they salvaged by hand.
>>> are you sure you dont want auditing instead of attempting to use the
>>> logs to reverse engineer what happened.
>> ? An audit log may tell me what command was issued, but won't tell me
>> what the salvager actually salvaged (or why it did _not_ salvage
>> something), or what it did to which vnodes, etc.
> it still isnt clear to me that i should expect the standard tools to
> tell me what someone else did.  i can understand wanting to see what
> some tool might have done automatically because of a restart (or some
> other failure).
> if your other admin cant remember what he did, perhaps he should be
> an admin.  if the other admin cant tell you what he did, perhaps he
> shouldnt be an admin.  logging isnt meant to solve 'social' issues.
> yes, this seems draconian but the only solution is audting/logging inside
> the servers of all the commands so you can completely reconstruct what
> the other admins are doing.  some people might like this but it really
> seems like too much to me.

(...re-sent to list...)

Some organizations, like banks, are required to have audit trails for 
many operations. I don't know the regulations, but these logs might not 
be just for social reasons. In some industries, draconian might be 
considered a desirable feature.