Garrett D'Amore wrote: > Also, right now, these applications will see the link up/down messages > in the syslogs, and they can take whatever action they feel is > appropriate when the syslogs indicate that such action is necessary.
I think you are missing the point. Sure, one could do all that extra work to figure out what is really happening after they see an obfuscated and truncated teaser message in syslog. But why should we go out of our way to make things harder for admins? Better that we ensure that we record useful and relevant info, especially when we have it at our fingertips at the time. What is syslog for? Why do we even log messages - heck, if a sysadmin really wanted to know about the state of the system, they could just use dladm, ifconfig, ping, traceroute, snoop, SNMP traps, dtrace and truss. After all, if you don't know how to use those tools, you should be banished to a Linux system where you are forced to use GNUtar with Bash :-) Have you ever used Splunk (www.splunk.com) to manage a system? If not, stop reading this and go get a free copy and play with it. It isn't the only or best way to admin complex systems, but it shows what can be done with simple logfile analysis. Combining web logs with syslog (with ...) lets me do the root cause analysis to find out WHY a problem is happening - even if the problem itself wasn't obvious at the time. Please find a way to keep this useful info in the network interface messages. The cost of putting it there will be significantly (IMHO several orders of magnitude) smaller than the time and effort saved at only one customer site by having it there. Yes, this implies that the network drivers will all need a similar set of kstats (or whatever) for this to work; also a small effort when compared to the benefits. -John
