Help understanding some Lire conceptual issues

Jim Lancaster jlancaster at sagiss.com
Thu Mar 4 00:49:33 CET 2004 

I run a managed service provider in Dallas,TX,USA.  We manage mostly
small networks of 50 seats, or so, for dozens of clients.  The
individual client networks cover the whole range from Windows to Linux
to Netware, and as one might imagine, the devices generate logs of all
shapes and sizes. I have evaluated numerous products to help us collect
and analyze log files before I found the Lire project.  All had their
limitations.  Now, after spending a day or so in the Lire documentation,
I have a few questions--mostly conceptual stuff.

1. The DLF concept is positively, absolutely brilliant.  Who is
responsible for maintaining the core DLF schemas?  Forgive me, I come
from the Windows world, but I note no DLF for Windows event logs.  I
also see nothing for tape backup logs, or anti-virus logs.  Has anyone
in the lire community asked about these before?  Has anyone attempted to
provide them?

2. The idea of mailing raw log files to an analyzing/reporting engine is
also a stroke of genius. It completely by-passes the messy issues of log
collection and storage.  Since useful output is the primary objective,
by-passing vast chunks of the input side allowed the developers to focus
on productive results.  There is a saying, 'The objective is to cross
the river, not build the bridge'.  I cannot think of a clearer example
of this philosophy in execution. But (and there is always a butt, no?)
by not providing for log storage, generating reports across extended
periods apparently gets complicated.  From what I can see weekly,
monthly, quarterly reports are possible, but the process is not nearly
as elegant as the rest of Lire.  Am I missing something?

3. As mentioned, we manage the networks of many clients.  Consolidating
reports on a 'per/client' basis and/or generating consolidated reports
across all clients has stumped all of the commercial products we've
tried to use.  Almost all network management products maintain a
'single-enterprise' view of the devices being managed.  Any attempts to
add multi-customer support are usually ugly and problematic.  Lire
appears to bypass this issue entirely by returning a completed report to
the e-mail address that requested it.  But what if one wants to setup a
'report server' containing a single report repository, complete with
links to all of the reports generated by Lire?  Has anyone ever
discussed creating a 'Lire report portal' before?

But I go on too long.  Please forgive me. I have been immersed in trying
to solve my logging problems for months.  When I found Lire, I felt like
I finally found others who really understood the issues.  I have much
yet to learn.

Jim


***************** Announcement *****************
We are pleased to announce that we have officially changed our name to Sagiss, LLC. Please update my e-mail address and contact information in your records to reflect our new domain name, "sagiss.com."
Our mailing address and phone numbers will remain the same.

To find out more, please visit our website: http://www.sagiss.com, or call us at 214-989-0440

-- 
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
questions-request at logreport.org

More information about the Questions mailing list