[Pkg-nagios-devel] Bug#479330: Bug#479330: log rotation, still an issue

Daniel Pocock daniel at pocock.pro
Tue Dec 2 09:17:49 UTC 2014


On 02/12/14 10:00, Alexander Wirt wrote:
> On Tue, 02 Dec 2014, Daniel Pocock wrote:
>
>> This is still an issue that catches people by surprise when they get a
>> Nagios alert about their disk filling up and then they find Nagios
>> itself is to blame.
>>
>> Marc, you state in your previous comment "History is important"
>>
>> - is the history data in these log files any more important than the
>> history in any other standard log file under /var/log ?
> Yes. It is used for history, otherwise you won't have availability reports.
> People will get very upset if their reports lose data (I know this from
> customer experience).


I realize this is more an upstream issue than a Debian maintainer issue,
but could that data be summarized the way it is with weblog analysis
tools and then the raw log files deleted?


>
>> - if this historic data is essential for Nagios to perform its duties
>> accurately (e.g. for some kind of reporting), is it really suitable for
>> /var/log at all or should it be in /var/lib or /var/cache ?
> It is after all: a logfile.

There is more than one way to think about logs.

The data needed for reporting is not log data, it is "business" data for
this particular application.

E.g. many financial applications log data about debits and credits. 
These are not logged under /var/log because they are fundamental to the
business purpose of the application.  The same financial application may
log less significant things under /var/log, e.g. the time the server
started and stopped, times when the database was unavailable and a
transaction was not processed.  The logs of functional activities (such
as debits and credits), however, would be under /var/lib or in a
database that uses /var/lib

>> - if just some subset of the log data is important should that be logged
>> to a separate file or /var/lib ?
> No, the whole line gets parsed.

What I mean by subset is that some lines may not be needed

E.g. if somebody has ganglia-nagios-bridge running and they haven't
mapped all the services that it discovers in Ganglia, their log will
contain lines like this:

[1417511526] Warning: Check result queue contained results for service
'Free space opt' on host 'thp010', but the service could not be found! 
Perhaps you forgot to define the service in your config files?

These lines are not used for historic availability reporting and this is
the type of thing that could be discarded as part of log rotation.



More information about the Pkg-nagios-devel mailing list