On Sun, 7 Jun 2020 13:59:47 +0200 Johnny Billquist <b...@update.uu.se> wrote:
> You are thinking simple metrics, which is a rather user centric item.
> I was trying to make that point before.
>
> Think instead of things like reports on what binaries have been
> replaced in the system. How could you ever graph and aggregate such
> information?

Depends really on what information you want to see. You could graph the number of binaries for each machine, or the number of suid/sgid binaries that got replaced, change in size before/after, etc.

Some data may not be numeric, i.e. ssh or httpd logs, but you could configure the tools to grep for particular events or error codes and flag them. You can extract numeric data, i.e. how many ssh users log in/out per day, how long their sessions last, or how many failed login attempts happen, etc. You can probably do this to some extent with email, but it's not as flexible with regard to data mining and pattern visualisation.

In my previous role, I frequently had to sift through various system logs trying to figure out why system performance was suboptimal and trust me, manually grepping through log files is no fun and wastes a huge amount of time. I don't want to be looking at these logs/messages in my email. I view email as a very simple tool for receiving short messages and emergency alerts, not for daily system monitoring and troubleshooting.

Of course if you're only interested in short messages and alerts, then email is quite sufficient. But I get the feeling this style of system administration has probably outlived much of its usefulness.
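The kind of numeric extraction from ssh logs described in the message above, as an added example that is not part of the original e-mail: it turns sshd syslog lines into logins per day, failed attempts per day and source address, and session durations. Assumptions: the lines use OpenSSH's usual "Accepted", "Failed" and "Disconnected from user" messages, the year is supplied because syslog timestamps omit it, sessions are paired by user, address and port, and the names `summarize` and `fail_threshold` are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in OpenSSH syslog style (not real log data).
SAMPLE = """\
Jun  6 23:58:01 gw sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Jun  7 09:00:10 gw sshd[502]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jun  7 09:05:00 gw sshd[510]: Failed password for root from 203.0.113.5 port 4100 ssh2
Jun  7 09:05:03 gw sshd[510]: Failed password for root from 203.0.113.5 port 4100 ssh2
Jun  7 09:45:40 gw sshd[502]: Disconnected from user alice 192.0.2.10 port 50022
Jun  7 11:00:00 gw sshd[620]: Accepted password for bob from 192.0.2.20 port 50100 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
ACCEPT = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port (\d+)")
FAIL = re.compile(r"^Failed \S+ for (?:invalid user )?(\S+) from (\S+) port (\d+)")
CLOSE = re.compile(r"^Disconnected from user (\S+) (\S+) port (\d+)")

def summarize(text, year=2020, fail_threshold=2):
    """Aggregate sshd events; the year is assumed, syslog does not record it."""
    logins, failures, durations, open_sessions = Counter(), Counter(), [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        day, msg = ts.date().isoformat(), m.group(2)
        if (a := ACCEPT.match(msg)):
            logins[day] += 1
            open_sessions[a.groups()] = ts  # key: (user, address, port)
        elif (f := FAIL.match(msg)):
            failures[(day, f.group(2))] += 1  # count per day and source address
        elif (c := CLOSE.match(msg)) and c.groups() in open_sessions:
            start = open_sessions.pop(c.groups())
            durations.append((c.group(1), int((ts - start).total_seconds())))
    # Flag any (day, address) pair at or above the failure threshold.
    flagged = sorted(k for k, n in failures.items() if n >= fail_threshold)
    return {"logins": dict(logins), "failures": dict(failures),
            "durations": durations, "flagged": flagged,
            "still_open": sorted(user for user, _, _ in open_sessions)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

The per-day counters are the series a graphing tool would plot; the `flagged` list is the part that would still go out as a short alert.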