[wellylug] hating on the Logwatch

Daniel Pittman daniel at rimspace.net
Wed Mar 4 14:59:10 NZDT 2009 

Spiro Harvey <spiro at starforge.net.nz> writes:
>> Seriously, I can't warn you against logwatch strongly enough: it is
>> built around the worst possible model of log monitoring.
>
> Please explain.

I did; you cut the next two paragraphs where I wrote:

    The design is to go through and tell you things.  All sorts of
    things, none of which you care about, because you want to know about
    all the routine operations that your server carried out.

On reviewing this I see that, in error, I misstated myself: I intended
to say "...because you *DON'T* want to know...", reversing the sense of
my comment.  Darn.

    I am yet to find an installation of logwatch that the emails are
    not, after a week or two, ignored by the admins because the noise to
    signal ratio means that they get *nothing* out of them.


Anyway, was there some part of that explanation that wasn't
comprehensive enough, or was otherwise unclear?  That seems likely,
given the context and my error.

> It's not actually a monitor, it's really just a log reporting tool. It
> will troll your logs and give you a summary of what happened in the
> last day (or whatever period you've defined).
>
> So I can see how you would think it's the world's worst log monitor as
> that isn't its purpose. But perhaps I'm misinterpreting your
> interpretation of monitoring. :)

Well, I can see that you might not have the same view of monitoring that
I do, so that objection might be valid.

In any case, in my view log analysis and log monitoring are more or less
the same process from different viewpoints: monitoring is the action,
analysis is the outcome.


In any case I could equally well state my objection to logwatch as a log
analysis tool: it focuses on the wrong area, working hard to highlight
routine and correct operation of the server, without effective tools to
identify or analyse exceptions.

In this it generates vast quantities of noise that, in my experience,
inevitably leads to the humans these reports are delivered to ignoring
them, making what little useful information the contain even less
relevant.

Regards,
        Daniel

More information about the wellylug mailing list