Help understanding some Lire conceptual issues

Joost van Baal joostvb at logreport.org
Thu Mar 4 20:07:15 CET 2004 

Hi Jim,

On Wed, Mar 03, 2004 at 05:49:33PM -0600, Jim Lancaster wrote:
> 
> 1. The DLF concept is positively, absolutely brilliant.  Who is
> responsible for maintaining the core DLF schemas?

Well, we're talking about Free Software here, so: you are.  ;-)

Otoh, in the Lire ChangeLog (online at
http://download.logreport.org/pub/current/ChangeLog ), you can see who
has been working on what file.  (Francis, Wolfgang, Wessel and I are the
latest ones hacking on the *2dlf files: these are the logfile to DLF
convertor scripts).  These people are all LogReport foundation people,
see http://logreport.org/about/team.php .

> Forgive me, I come
> from the Windows world, but I note no DLF for Windows event logs.  I
> also see nothing for tape backup logs, or anti-virus logs.  Has anyone
> in the lire community asked about these before?  Has anyone attempted to
> provide them?

Not publically, as far as I know.

> 2. The idea of mailing raw log files to an analyzing/reporting engine is
> also a stroke of genius. It completely by-passes the messy issues of log
> collection and storage.  Since useful output is the primary objective,
> by-passing vast chunks of the input side allowed the developers to focus
> on productive results.  There is a saying, 'The objective is to cross
> the river, not build the bridge'.  I cannot think of a clearer example
> of this philosophy in execution. But (and there is always a butt, no?)
> by not providing for log storage, generating reports across extended
> periods apparently gets complicated.  From what I can see weekly,
> monthly, quarterly reports are possible, but the process is not nearly
> as elegant as the rest of Lire.  Am I missing something?

A Lire Store configuration interface is planned in upcoming Lire 1.5,
see http://logreport.org/lire/roadmap-2.0.php.  Does this answer your
question?

> 3. As mentioned, we manage the networks of many clients.  Consolidating
> reports on a 'per/client' basis and/or generating consolidated reports
> across all clients has stumped all of the commercial products we've
> tried to use.  Almost all network management products maintain a
> 'single-enterprise' view of the devices being managed.  Any attempts to
> add multi-customer support are usually ugly and problematic.  Lire
> appears to bypass this issue entirely by returning a completed report to
> the e-mail address that requested it.  But what if one wants to setup a
> 'report server' containing a single report repository, complete with
> links to all of the reports generated by Lire?  Has anyone ever
> discussed creating a 'Lire report portal' before?

I am not aware of a public implementation.  However, it's very well
possible people have made such things privately, customized to their
specific needs.  Since the reports are generated using an XML backend,
customizition and integration in a portal-like set up should be
relatively easy.

> But I go on too long.  Please forgive me. I have been immersed in trying
> to solve my logging problems for months.  When I found Lire, I felt like
> I finally found others who really understood the issues.  I have much
> yet to learn.

If you're interested in generic logging issues, next to LogReport, you
should check out http://www.loganalysis.org/ .

Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20040304/1368341d/attachment.bin

More information about the Questions mailing list