[Osiris-devel]logging design help

Brian Wotring brian at shmoo.com
Fri Aug 9 23:27:31 EDT 2002 

Here are some thoughts and questions for how to tackle logging.  It's 
important and I don't want it to be done as an afterthought, I think 
it's very necessary to no screw this up for an app like Osiris.  There 
are two modules involved here --the scanning daemon, and the management 
daemon.

[scanning daemon]

No log file will be used, only syslog.  The scanning daemon doesn't have 
a config file, so I purpose a simple logging level scheme by which you 
set via command line arguments.  This would be something like -l <level> 
where level is something like 0,1,2,3 ( none, low,medium,high ).  All 
log statements in the code are assigned a level.  I think this is a very 
simple and effective logging mechanism for this daemon, it can be 
implemented with not much pain.


[management daemon]

Two types of logging, host level logging, and management level logging.  
The management level pertains to the management daemon itself.  Host 
level is a set of logs for each host, stored in the host's directory, 
under /logs.

For management level logging, there will be two log files, "access.log" 
and "error.log", similar to apache.  The access log will contain only 
log events pertaining to communication with management apps ( CLI, 
GUI ).  The error log will contain error log events related to things 
like loading of certs/keys, unauthorized connection attempts, 
unrecognized requests, restart events, events related to dealing with 
the local host repository, etc.  In the conf file for the management 
daemon ( osirismd.conf ) there will be options to set the location where 
these two log files will be stored, and what level of logging should be 
done ( low, medium, high ).  The logging level could also be specified 
on the command line when launching the daemon, that would override the 
level in the conf file, for that instance.

For host based logging, there will also be an access, and error log for 
each host.  These files will be stored under a logs directory in the 
management daemon's host repository, alongside the databases and configs 
for that host.  The logs will work in the same way that the they do for 
the management daemon, only the events will be related to a particular 
host, mostly communication with the scanning daemon.

Questions:

1. Is this even close to being a good direction to go in as far as logs?j
2. The management daemon can easily have their logs put in /var/log, for 
example, but what about the host logs?  Is it bad that they are under 
the repository, most likely somewhere like 
/usr/local/osirsis/hosts/<host>/logs ??

3. What about rotating logs?  Is that something that should certainly be 
done by the daemon?  Is it something that can wait for a future release?
4. Is host based logging even a good idea?  What is the best way to 
balance the performance of managing hundreds of hosts with respect to 
having open file descriptors?

I'm not a sys admin, but I pretend to be one at home so I'm a bit 
confused as to whether or not I'm thinking correctly here.  I don't know 
how I one would  ideally like to deal with logs like this.

--
     Brian Wotring  ( brian at shmoo.com )
     PGP KeyID: 0x9674763D

More information about the osiris-devel mailing list