Help understanding some Lire conceptual issues

[Jim Lancaster]

[snip]

>  Completely off-topic:

Man are we ever!  

[snip]

> 	I lived in central Oklahoma for much of my childhood, 
> the rest of 
> which was spent in places like Manhattan Kansas, Knoxville & 
> Murfreesboro Tennessee, and Wilmington North Carolina.  Most of my 
> family is in the west to middle Tennesse region.  My wife and her 
> family are from San Antonio.  So, I am intimately familiar with 
> accents.

Wow. Not only an American, but a fellow southerner! I'm from the Gulf
Coast region. (Pensacola FL, Jackson MS, New Orleans LA, Lafayette LA,
and now Dallas TX) Some of the accents are so thick here in the south
even I have to work to understand them.  I pity the non-native English
speaker visiting these parts and trying to communicate using standard
English. <g> OTOH, my high school French teacher used to tease me that
she'd never heard French pronounced with a southern accent. <bg>

> 	That said, I have been told that I have relatively 
> little in the 
> way of accent myself.  But let me go back to Tennessee for a week, and

> I'm almost as bad as they are.

My accent was tempered by a mother from California and a father who
despised words like "ain't" and double-negatives ("I ain't got
nothing.") However, like you, I very quickly and unconsciously take on
the accent of those I'm speaking with.  My wife can always tell when
I've been speaking to my aunt and uncle in Austin.  She calls it my
"aw-shucks" accent, and it usually takes a day or so to wear off.  BTW,
my wife is from Wiemar, TX.  Your wife probably knows where it is--It's
in the German country between San Antonio and Houston.

[snip]

> 	I used to work for a Dutch consulting company, and I was 
> continually trying to get them to give me language lessons in proper 
> Dutch down here in Brussels (as opposed to Flemish), and they were 
> never able to find someone who was able to do that.

Do you speak French, Flemish, or Dutch?  How did you wind up in
Brussels?

[snip]

> what is your  
> > general configuration?  Do you have Lire running on the same box as 
> > the  services generating the logs?  Or are you using some method to 
> > move the  logs to the Lire server?  Do you have multiple 
> Lire servers?
> 
> 	I am not currently employed, although I am working on 
> setting up 
> my own consulting company, and I also have a book idea I'm working 
> on, as well as a booklet idea for SAGE (the System Administrators 
> Guild), and I may decide to try to become a full-time author.  I do 
> have a whole gaggle of machines downstairs in my basement, but I have 
> not yet had the time to get them all installed and configured, etc....

Another starving author? <g> I'm a member of SAGE as well. Let us know
when to look for a publication.

[snip]

> 	What I would recommend is the same sort of thing.  Set up a 
> central log processing system, and move the logs from all the various 
> systems on the network to that machine, where they can be processed 
> by lire or other tools.  That central log processing machine could 
> also be part of an operational, real-time, network monitoring and 
> management system, using tools like nagios, rrdtool, Net-SNMP, etc....

I've already got a server designated for logging.  The current platform
is Windows (gasp!). I went this way because the Adiscon tools I'm using
are mostly Windows apps.  (BTW, I am a huge fan of Rainer Gerhards &
staff at Adiscon www.adiscon.com. Rainer has published a bunch of stuff
on syslog, BEEP protocol, and logging in general.) I added Apache, MySQL
and perl+CGI to the mix to allow me to create my own reports and put a
web front-end on it.  (BTW, if you'd like to see my server, I can set it
up.  The server will not allow connections directly from the Internet,
but if you send me your public ip address off-line, I will configure
Apache to let you in.  Joost, did I handle this correctly?)

BTW, I've looked at Nagios, rrdtool, an interesting little php app
called 'Cacti', cricket, and just about every other open-source NMS I
could get my hands on.  I've also worked a great deal with WhatsUpGold,
which is actually quite good at what it does.  However, ALL of the
aforementioned products share one huge limitation for me as an MSP:
They are designed from the single-enterprise perspective. There is no
easy way to adapt them for use in a multi-company/customer environment.
There is no easy way to allow one customer to see their data and only
their data.

Another huge limitation is that nearly all rely on "pull" rather than
"push" technology to gather the data to be analyzed. The NMS server
originates the polling process and pulls data in from the remote
devices.  If a device is only remotely accessible via the Internet, a
VPN must be setup and maintained to allow the server to poll the remote
device.  VPNs are, quite frankly, a management nightmare, and in order
to use them all of the remote devices must--even if natted--reside on
uniquely addressed subnets. (Imagine how many companies out there are
using 192.168.0.0/24 or 10.0.0.0/24 subnets.)

However, if the NMS were to rely on agents that "push" data back to a
central server, think of the possibilities: (1) No firewall issues -
most networks do not restrict outbound traffic, so no changes need to be
made to the firewall. (2) No security issues - there is no hole in the
firewall to allow polling in; the polling data rides a one-way street
back to the NMS. (3) Reduced burden on the NMS server - The cpu cycles
required to support polling are gone. These are just a few of the
advantages that come quickly to mind.

Obviously, the use of agents introduces other issues that have to be
addressed like software updates and configuration changes, but I think
these can be managed much easier than the limitations just mentioned.

[snip]
> >  I can believe it, but isn't the DFL concept a step/leap in 
> the right  
> > direction?
> 
> 	Yes.  Note that lire is moving away from using a common central 
> log format, and into a database model themselves.  However, I believe 
> that they are going about this in an intelligent manner, and this 
> will be a further improvement over what they have today.

Very exciting news.  I think I can tackle the data collection, however
the analysis and reporting requires much greater "smarts." I would like
to be able to rely on (or at least build upon) the work of others for
this.

[snip]

Thanks for your insight.

Jim


***************** Announcement *****************
We are pleased to announce that we have officially changed our name to Sagiss, LLC. Please update my e-mail address and contact information in your records to reflect our new domain name, "sagiss.com."
Our mailing address and phone numbers will remain the same.

To find out more, please visit our website: http://www.sagiss.com, or call us at 214-989-0440

-- 
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
questions-request at logreport.org