bjorn@sysadm.UUCP (Bjorn Satdeva) (04/18/88)
We have started the design and development of a new system administration package for medium and large size Unix sites.

The package is intended to support and/or automate the daily work of administrating a Unix site. The main goal is to provide tools for the administrator who already knows Unix well, although we will most likely add a front-end with some kind of intelligence.

We want to provide the best possible tool, and would therefore like to have suggestions from the net, to what the packages should include.

Please e-mail your comment or suggestions directly to me. I will post a summary to the net if there is enough interest.

Bjorn Satdeva
/sys/admin, inc
uunet!sysadm!bjorn
pinard@odyssee.UUCP (Francois Pinard) (04/27/88)
This will be my first wide posting. We'll see if it works (:-)

In article <103@sysadm.UUCP> bjorn@sysadm.UUCP (Bjorn Satdeva) writes:

>The package is intended to support and/or automate the daily work of
>administrating a Unix site. The main goal is to provide tools for the
>administrator who already knows Unix well, although we will most likely
>add a front-end with some kind of intelligence.
>
>We want to provide the best possible tool, and would therefore like to
>have suggestions from the net, to what the packages should include.

Surveying all logs each day is a tedious job. So I made a set of several scripts to automate reports and checks I would have done with my eyes anyway, but exhausting a lot of time. A report is automatically generated and mailed to me each night. But the scripts are somewhat configuration dependent and would require careful generalization to make them portable in a useful way.

About the particular aspect of automatic analysis of logs, I consider important, in a sysadm reporting package, to:

1) keep an overall picture of the system load and usage, daily.
2) spotcheck any irregularities within a short delay, say one day.

The main approach for 2) is to have, for each log, filters that match and remove "normal" sequences of events. What remains after removal requires human analysis and is sent to me, possibly after slight reformatting. I implemented several simple sequence recognitions, which make the report useful to me. But I would also need more sophisticated analysis relating events and cross-checking logs, and I have done almost nothing so far in that direction.

A first version of "surveil" (the name of the package) was implemented by a lot of sh, sed and awk scripts. A second version, which will progressively replace the first, in my background tasks, is getting rid of sh, sed and awk and uses only Perl scripts. You probably know that Perl encompasses all three previous "languages". A third version, if I ever tackle it, would probably be an extension of the second for more sophisticated analysis of "normality" cases - I would maybe use some Prolog for implementing this, if it is affordably fast. The real dream would be to connect all of this to our natural language generation system, from semantics to sentences (which is the main speciality of the team here).

Anyway. The current state of "surveil" is an heteroclitous mix of sh, sed, awk and Perl, oriented towards my very specific conception of normality and towards our system configuration. I would like to see a general, encompassing, free package for system administration to include a generalization of "surveil" objectives.

>Please e-mail your comment or suggestions directly to me. I will post
>a summary to the net if there is enough interest.

I just felt like adding my grain of salt in a more general forum, and maybe getting feedback myself. I'm sure almost every sysadm has a lot of self developed tools.

Btw, "surveil" is not suited nor ready for distribution. But I would not hesitate to send it on a personal basis (you were warned :-) to anyone that feels like having it, BUT as long as the result of any of your work in the same direction would be available to the community at no charge. I'm getting GNU minded, presumably.

--
Francois Pinard                                  "Vivement
C.P. 886, L'Epiphanie (Qc), Canada J0K 1J0
pinard@odyssee.uucp                               GNU!"
(514)588-4656; Odyssee R.A.: (514)279-0716
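
The filtering approach described in the post above (match and remove "normal" sequences of events, forward what remains for human analysis), as an added sh/awk example that is not part of the original post and is not code from "surveil". The log format, the rules and the function names `sample_log` and `residue` are constructed for illustration.

```shell
#!/bin/sh
# Added example: drop "normal" events from one log, keep the rest for review.
# The log format, the rules and all names here are constructed for illustration.

# Constructed sample log: time, program, message.
sample_log() {
cat <<'EOF'
02:00:01 cron: job 17 started
02:00:09 cron: job 17 finished status=0
08:14:22 login: session opened user=alice tty=tty03
08:15:40 su: FAILED su to root by bob on tty05
09:02:10 login: session opened user=carol tty=tty07
11:30:05 login: session closed user=alice tty=tty03
12:00:00 uucico: call to uunet succeeded
23:00:01 cron: job 18 started
23:00:04 cron: job 18 finished status=2
EOF
}

# residue: read a log on stdin, print (in order) the lines no rule explains.
residue() {
awk '
{ line[NR] = $0 }                       # remember every line by number

# Single-event rule: normal on its own.
/uucico: call to .* succeeded$/ { ok[NR] = 1; next }

# Sequence rule: a cron job that starts and later finishes with status 0.
/cron: job [0-9]+ started$/ { pend["cron " $4] = NR; next }
/cron: job [0-9]+ finished status=0$/ { pair("cron " $4); next }

# Sequence rule: a session opened and later closed by the same user and tty.
/login: session opened / { pend["sess " $5 " " $6] = NR; next }
/login: session closed / { pair("sess " $5 " " $6); next }

# Mark both ends of a completed sequence as normal.
function pair(key) {
    if (key in pend) { ok[pend[key]] = 1; ok[NR] = 1; delete pend[key] }
}

# Whatever was never marked (unknown events, half-finished sequences) is
# the report a human has to read.
END { for (i = 1; i <= NR; i++) if (!(i in ok)) print line[i] }
'
}

sample_log | residue
```

Because only explicitly matched lines are dropped, a missing rule makes the report longer rather than hiding an event.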