Sysadmin 101 for dummies (was Re: Reasons for ikeeping an MTA)

Sun Dec 25 00:03:43 GMT 2005

On 12/24/05, Scott Henson <scotth at csee.wvu.edu> wrote:
>
> Lukas Sabota wrote:
>
> >>
> > There needs to be some easy way of alerting the administrator of some
> > things that have been done using mail:
> > Failed login attemps (remote and local)
> > Failed backups
> > Important cron scripts failing.
> >
> I think there is a point where people are missing eachother at.  Things
> like the above would most likely be seen on a server using server type
> software that doesn't have a GUI and normal desktop users are not likely
> to see.  For the most part, the failed login attempts that your going to
> worry about(if your not paranoid and not living/working with people you
> don't trust) are those for remote services, and since Ubuntu doesn't
> have any of those by default the standard home user isn't going to need
> to worry about this.
>

I'll take a step back while trying to keep things simple and on perspective.

The 'Unix way' involves lots fo text files, and the logging system is no
exception. The mail system is also text-based, and it worked fine (until now
it seems). Errors on a Unix system have been successfully reported via log
files and/or email for decades. This is Good (tm).

The 'Unix way' is great for servers for lots of reasons. It allows
information to be stored in a readily readable way; it's chronologically
ordered; and it just works, because it depends very little on some obscure,
advanced or ill documented piece of software.

But today Linux is going mainstream, and clean text files do not cut it
anymore. Before we start to rip another page from the Windows handbook and
implement a lot of cute notifiers that do little to actually help things get
done, lets think about the real issues.

The log system is fine as it is. It centralizes the storage of all system
reporting stuff. What is missing is a clean, understable, and uniform system
for conveying that information to users that does not involve either
sendmail or 'tail -f <somelogfile>'. By the way I think reporting by mail is
fine, as long as it allows the user to actually receive the relevant
messages in their primary mail accounts and not on the root account of the
box they're supposed to be 'managing', but I digress.

Now, if each and every subsystem in a Unix/Linux box decides to implement
its own reporting system, we would soon end in a nightmare situation. Now,
instead of ripping a page from Windows (which manages not to be consistent
on this, and also not to have a good memory on
what-ever-happened-to-this-box), why not rip it from Unix itself? The log
system is just fine. What is needed is a high-level abstraction over the log
system - some tool that could convert log lines into notifications, and keep
track about whether people actually readed the notifications or not, etc.

In short: let's the log system do what it does well, that is to provide a
clean and uniform interface for software to report on events. Just build on
top of it. Let's build a graphical interface that does more than implement a
text-file viewer; let's implement some intelligence into it, in such a way
it can group and report related events, even if they come from several
independent sources. It could even mail reports about the system... but do
it in such a way that would give a chance to the system admin (or box owner)
to choose how to do it, and configure it properly.

Of course, things are not that easy. 'cron' is a special case, and I'm not
sure if it can be handled nicely. One idea: instead of sending email, cron
could log stuff via syslog. Regular script output would kill the log
structure (think /var/log/messages with long messages inserted), but a
separate logfile could take care of it. I think it's feasible but let's
see...

Well, that was my annual Xmas rant :-) Let's hope the New Years Day is a
more inspired one...

--
Carlos Ribeiro
Consultoria em Projetos
blog: http://rascunhosrotos.blogspot.com
blog: http://pythonnotes.blogspot.com
mail: carribeiro at gmail.com
mail: carribeiro at yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20051224/c12d5428/attachment.htm