[OpenAFS] Re: Proposed changes for server log rotation

Derrick Brashear shadow@gmail.com
Sat, 4 Dec 2010 13:07:58 -0500


>> it still isnt clear to me that i should expect the standard tools to
>> tell me what someone else did. =A0i can understand wanting to see what
>> some tool might have done automatically because of a restart (or some
>> other failure).
>>
>> if your other admin cant remember what he did, perhaps he should be
>> an admin. =A0if the other admin cant tell you what he did, perhaps he
>> shouldnt be an admin. =A0logging isnt meant to solve 'social' issues.
>>
>> yes, this seems draconian but the only solution is audting/logging insid=
e
>> the servers of all the commands so you can completely reconstruct what
>> the other admins are doing. =A0some people might like this but it really
>> seems like too much to me.
>
> (...re-sent to list...)
>
> Some organizations, like banks, are required to have audit trails for man=
y
> operations. I don't know the regulations, but these logs might not be jus=
t
> for social reasons. In some industries, draconian might be considered a
> desirable feature.

plus, we have auditlogs now which if not commands do tell you who executed =
what
when.