Minutes of the Birds of a Feather (BoF) session at the SANE conference
2000 at Maastricht, the Netherlands. The BoF was planned for 45
minutes but the last people left the room only after 1.5 hours!Present in total 30 people including:Eric Allman, CTO Sendmail, Inc.Evi Nemeth, CAIDA projectJim Reid, Sr Consulting Engineer NominumTeus Hagen, NLnet FoundationWytze van der Raay, NLnet FoundationFrances Brazier, NLnet FoundationJoost van Baal, Gerrit Nijhuis, Edwin Groothuis, Anton Holleman, Peter
Huisken, Jan Stap all working for LogReportPeter Huisken presented the slides covering the objective of the LogReport
organization, the technical architecture, the implementation and the future
plans. The presentation was interactive and very stimulating. We also had a
good laugh now and then especially when Eric Allman proudly showed his
orange "madasafish.com" t-shirt, which he got from Jim Reid.During and after the presentation the following questions were answered:Q: Is it possible to combine multiple services in one reportA: Yes this is possible. It is also possible to generate a report about
services running on multiple machinesQ: Is it possible to get reports over a certain timeslot (day, hour etc)A: Yes this is possibleQ: What about the online responder and privacy of the logfile contentsA: The online responder is a proof of concept. We do not expect that people
will use the facility for security sensitive production data. The software
is open source and available for download so one can build its own private
report production line.Q: What about another file format besides dlf like MRTG or other reporting
tools?A: We will study MRTG and RRDTool in more detail (Edwin Groothuis
actually followed a RRDTool course during the conference). Tools
like Cricket are more focusing on real time reporting. We focus on
reporting afterwards.Q: Do you plan graphical presentation of the data?A: Yes we want to include that in the package and are thinking of
integration with RRD.Q: Do you plan to use XML or SGML?A: We plan to introduce XML at the output so that reports presented in XML
can be processed again. The next step will be to use XML for the dlf format.
There are some doubts about the performance to generate reports from it but
we will certainly try it in combination with XML. The last step will be to
use XML for the log files but this is up to the product developers to
deliver.Q: Did you study the use of other tools? For instance the tools at
www.linuxlinks.com/Software/Monitoring?A: We certainly have a close look at tools that already exist.Q: How do you deal with rejected messages by sendmail?A: One of the fields in the dlf format for email is the status. The status
covers the successful delivery but also all error conditions like 'host
unknown'.Q: What do you do with information that is needed for the report but that is
not present in the logfile?A: You cannot always get what you want but you need to get what you need.
:-). If a product does not log all fields required for the dlf format the
keyword unknown is inserted by the convertor. The report engine can
obviously not report on those fields.Q: How flexible is your report engine?A: The report engine can be used through a very rich command line interface.
Nothing is fixed.Q: How much time does it cost me to add a report?A: Adding a report means writing a relatively simple PERL program. A few
hours of programming can already give you a nice report.Q: What mathematics are available? Do you have for instance standard deviation?A: Yes we can deal with that. On request we can always add mathematical reports.