Hi,
I think we have several logging classes within the OpenCA system:
a. system operations log, e. g.:
- daemon startup/shutdown
- client connect/disconnect
b. system monitoring events
- infrastructure availability status (database, HSMs, cluster peers...)
- data monitoring (e. g. remaining validity of existing CRLs and
maybe some important certificates)
- (critical or fatal) system errors
- security violations
c. object manipulation audit trail
- authentication events
- any object manipulation as induced by users or admins
- (private key usage counter?)
(d. debug information)
In my opinion it is a good idea to use the Unix Syslog for logging
system operations log.
For the audit trail we already have a database table (which is
currently not used, as far as I can see).
System monitoring should be flexible enough to allow integration
into various monitoring systems.
Debugging can produce a lot of information, so it should go to
a target that can handle the amount of data. Syslog is problably
not appropriate here. (A ring buffer might be nice for this.)
That being said, I think it should be possible to define a
class interface that provides an easy to use interface for all
these classes to the application and that has (preferably
exchangable) backends for each logging class. (This is particular
important for the monitoring integration.)
Maybe we should have a look if we can find some interesting
Logging package on CPAN before designing one ourselves (haven't
done this yet).
cu
Martin
--
Cynops GmbH Dipl.-Ing. Martin Bartosch http://www.cynops.de
Kirchgasse 10c mobile: +49 (0)172 6614304 mail: [EMAIL PROTECTED]
61449 Steinbach/Ts. fon: +49 (0)6171 6981803 fax: +49 (0)6171 6981809
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id�492&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
