
Re: End of hypocrisy ?



On Thu, 7 Aug 2014 08:31:02 -0400
AW <debian.list.tracker@1024bits.com> wrote:

> On Thu, 7 Aug 2014 00:38:16 -0400
> Steve Litt <slitt@troubleshooters.com> wrote:
> 
>  > Software As A Service, with Web 2.0
> ...
>  > suggest a Google-hosted service
> 
> Actually this is precisely the opposite of my suggestion.  Using an
> externally stored database as I have listed would remove the need for
> an external provider, such as Google, for things like 'analytics'...
> and using a standards-based SQL package would allow extreme detail to
> be stored with very little effort. Once there exists a database of
> the information, there is no reason to store that database on the
> host.  Although there is no reason why it couldn't remain there as
> well.  The advantage of remote log storing and querying would remain
> even for a small 2 or 3 host home network.  If this was a common
> GNU/Linux package, open source routers, like Buffalo, could include
> the ability to collect log information from hosts and email a local
> client if a host log indicates compromise --- thus perhaps
> preventing, and/or early detection of, problems like the Bitcoin
> mining botnet running on poorly configured but also open source NAS
> boxes, like Synology.
> 
> Seriously, if all logging is going to be dumped into a central binary
> -- it would be much more useful to dump the data into something that
> is logically searchable and can be scripted easily from bash using
> very simple:
> 
> psql -c "select $foo"
> 
> statements.  Systemd does this as is [almost]... but the command set
> to query the data is definitely not standard, nor easily
> discoverable.  An SQL-queryable database makes much more sense.  And
> it could be sqlite rather than postgresql.
> 
> --Andrew

Oh geez, I'm sorry, I thought your post was flippant sarcasm, so I did
what I thought was extending it. OK, you really do mean the log should
go into Postgres.

I don't necessarily disagree, but I very strongly believe its first
step should be to go to a text file with one line per event, or perhaps
some sublines. If that text file were designed correctly, perhaps with
field separators, it would be trivial to write a C or Python program to
input it into Postgres. I just want to make sure that I can read that
log on any Linux, BSD, or even (ugh) Mac and Windows.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance
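
An added example, not part of either post: a sketch of the pipeline discussed in this thread, loading a one-line-per-event text log with field separators into an SQL database and querying it. The tab-separated four-field layout, the function names and the sample lines are assumptions constructed for illustration; SQLite stands in for Postgres so it runs offline.

```python
import sqlite3

# Constructed sample log: one event per line, tab-separated fields
# (timestamp, host, facility, message). This layout is an assumption.
SAMPLE_LOG = (
    "2014-08-07T08:31:02\tnas1\tsshd\tFailed password for root from 192.0.2.7\n"
    "2014-08-07T08:31:05\tnas1\tsshd\tFailed password for root from 192.0.2.7\n"
    "2014-08-07T08:32:10\tgw\tkernel\tlink up eth0\n"
    "garbage line without separators\n"
    "2014-08-07T08:33:00\tnas1\tsshd\tx'); DROP TABLE events;--\n"
)
FIELDS = ("ts", "host", "facility", "message")

def parse_line(line):
    """Split one event line into its four fields, or return None if malformed."""
    # Limit the split so tabs inside the free-text message are preserved.
    parts = line.split("\t", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or not all(parts[:3]):
        return None
    return tuple(parts)

def load_log(text, conn):
    """Insert well-formed events; return (loaded, rejected) counts."""
    conn.execute("CREATE TABLE IF NOT EXISTS events "
                 "(ts TEXT, host TEXT, facility TEXT, message TEXT)")
    loaded = rejected = 0
    for line in text.split("\n"):
        if not line:
            continue
        row = parse_line(line)
        if row is None:
            rejected += 1  # count bad lines instead of guessing at their fields
            continue
        # Placeholders keep log content, which remote parties can influence,
        # out of the SQL text; it is stored as data and never executed.
        conn.execute("INSERT INTO events VALUES (?, ?, ?, ?)", row)
        loaded += 1
    conn.commit()
    return loaded, rejected

def events_per_host(conn, facility):
    """Count events for one facility, grouped by host."""
    return conn.execute(
        "SELECT host, COUNT(*) FROM events WHERE facility = ? "
        "GROUP BY host ORDER BY host", (facility,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_log(SAMPLE_LOG, db))
    print(events_per_host(db, "sshd"))
```

The last sample line carries SQL metacharacters in its message field; because the insert is parameterized, it is stored as an ordinary row.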

