[OpenAFS] Re: Proposed changes for server log rotation
Sat, 04 Dec 2010 11:17:22 -0500
On 12/04/2010 10:38 AM, Chas Williams (CONTRACTOR) wrote:
> In message<email@example.com>,Andrew Deason writes:
>> On Fri, 3 Dec 2010 13:00:37 -0500
>> chas williams - CONTRACTOR<firstname.lastname@example.org> wrote:
>>> On Fri, 3 Dec 2010 10:53:08 -0600
>>> Andrew Deason<email@example.com> wrote:
>>>> Why lose the logs? It's already annoying enough when I get told a
>>>> "vos release" failed and there's no record of the "vos" output.
>>>> That's going to make my life difficult when someone can't remember
>>>> when or what they salvaged by hand.
>>> are you sure you dont want auditing instead of attempting to use the
>>> logs to reverse engineer what happened.
>> ? An audit log may tell me what command was issued, but won't tell me
>> what the salvager actually salvaged (or why it did _not_ salvage
>> something), or what it did to which vnodes, etc.
> it still isnt clear to me that i should expect the standard tools to
> tell me what someone else did. i can understand wanting to see what
> some tool might have done automatically because of a restart (or some
> other failure).
> if your other admin cant remember what he did, perhaps he should be
> an admin. if the other admin cant tell you what he did, perhaps he
> shouldnt be an admin. logging isnt meant to solve 'social' issues.
> yes, this seems draconian but the only solution is audting/logging inside
> the servers of all the commands so you can completely reconstruct what
> the other admins are doing. some people might like this but it really
> seems like too much to me.
(...re-sent to list...)
Some organizations, like banks, are required to have audit trails for
many operations. I don't know the regulations, but these logs might not
be just for social reasons. In some industries, draconian might be
considered a desirable feature.