suggestion for log reporting format
Post suggestion for log reporting format 
Hi,

I'm trying to write a python script for nagios rsnapshot monitoring. I
have noticed that log format in error and warning states are
different:

16/Apr/2012:13:17:01] /usr/bin/rsnapshot hourly: ERROR: Lockfile
/var/run/rsnapshot.pid exists and so does its process, can not
continue

[19/Apr/2012:10:26:28] WARNING: /usr/bin/rsnapshot hourly: completed,
but with some warnings

Wouldn't it be better to make log lines to have same format, in other
words either ERROR should be put between date and script name, or
WARNING should be put after a script name.

I would vote for 1st option as it closer matches nagios plugin requirements.

Liutauras

_______________________________________________
rsnapshot-discuss mailing list
rsnapshot-discuss < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss
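
An added example, not part of the original post and not rsnapshot code: one way a Nagios check could cope with both layouts quoted above by normalizing where the level tag sits. The function names and the ERROR-to-CRITICAL mapping are assumptions, and the sample lines are the two quoted in the post, unwrapped.

```python
import re
from datetime import datetime

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3          # Nagios plugin exit codes
NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}
SEVERITY = {"WARNING": WARNING, "ERROR": CRITICAL}   # assumed mapping

# Leading "[" is optional: the ERROR line as pasted in the post lacks it.
TS_RE = re.compile(r"^\[?(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2})\]\s+(.*)$")
# The level tag sits either first (WARNING layout) or after the command (ERROR layout).
LEVEL_RE = re.compile(r"(?:^|: )(ERROR|WARNING): ")

def parse_line(line):
    """Return a dict for one log line, or None if it has no timestamp."""
    m = TS_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
    rest, level = m.group(2), None
    tag = LEVEL_RE.search(rest)
    if tag:
        level = tag.group(1)
        prefix, suffix = rest[:tag.start()], rest[tag.end():]
        rest = f"{prefix}: {suffix}" if prefix else suffix   # drop the tag
    command, _, message = rest.partition(": ")
    return {"time": when, "level": level, "command": command, "message": message}

def check(lines):
    """Return (exit_code, status_text) for the worst event seen."""
    worst, detail, parsed = OK, "no errors or warnings logged", 0
    for ev in filter(None, map(parse_line, lines)):
        parsed += 1
        code = SEVERITY.get(ev["level"], OK)
        if code > worst:
            worst = code
            detail = f'{ev["time"].isoformat()} {ev["command"]}: {ev["message"]}'
    if parsed == 0:   # an empty or unreadable log must not look healthy
        return UNKNOWN, "RSNAPSHOT UNKNOWN - no parsable log lines"
    return worst, f"RSNAPSHOT {NAMES[worst]} - {detail}"

# Constructed sample: the two lines quoted in the post, unwrapped.
SAMPLE = [
    "16/Apr/2012:13:17:01] /usr/bin/rsnapshot hourly: ERROR: Lockfile "
    "/var/run/rsnapshot.pid exists and so does its process, can not continue",
    "[19/Apr/2012:10:26:28] WARNING: /usr/bin/rsnapshot hourly: completed, "
    "but with some warnings",
]

if __name__ == "__main__":
    print(check(SAMPLE))
```

Returning UNKNOWN when nothing parses keeps a truncated or rotated-away log from reporting a healthy backup.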

Post suggestion for log reporting format 
On 19 April 2012 11:55, Liutauras Adomaitis
<liutauras.adomaitis < at > gmail.com> wrote:
16/Apr/2012:13:17:01] /usr/bin/rsnapshot hourly: ERROR: Lockfile
/var/run/rsnapshot.pid exists and so does its process, can not
continue

[19/Apr/2012:10:26:28] WARNING: /usr/bin/rsnapshot hourly: completed,
but with some warnings

Wouldn't it be better to make log lines to have same format, in other
words either ERROR should be put between date and script name, or
WARNING should be put after a script name.

I would vote for 1st option as it closer matches nagios plugin requirements.

This makes perfect sense. And while fixing this could we please
have ISO 8601 date format (yyyy-mm-dd)?

BR Håkon Løvdal


Post suggestion for log reporting format 
And while fixing this could we please have ISO 8601 date format (yyyy-mm-dd)?

Seconded!

On 04/24/2012 08:56 AM, Håkon Løvdal wrote:
On 19 April 2012 11:55, Liutauras Adomaitis
<liutauras.adomaitis < at > gmail.com> wrote:
16/Apr/2012:13:17:01] /usr/bin/rsnapshot hourly: ERROR: Lockfile
/var/run/rsnapshot.pid exists and so does its process, can not
continue

[19/Apr/2012:10:26:28] WARNING: /usr/bin/rsnapshot hourly: completed,
but with some warnings

Wouldn't it be better to make log lines to have same format, in other
words either ERROR should be put between date and script name, or
WARNING should be put after a script name.

I would vote for 1st option as it closer matches nagios plugin requirements.
This makes perfect sense. And while fixing this could we please
have ISO 8601 date format (yyyy-mm-dd)?

BR Håkon Løvdal


Post suggestion for log reporting format 
On Tue, Apr 24, 2012 at 1:35 PM, Derek Simkowiak <derek < at > simkowiak.net> wrote:
 And while fixing this could we please have ISO 8601 date format (yyyy-mm-dd)?
    Seconded!
On 04/24/2012 08:56 AM, Håkon Løvdal wrote:
On 19 April 2012 11:55, Liutauras Adomaitis
<liutauras.adomaitis < at > gmail.com>  wrote:
16/Apr/2012:13:17:01] /usr/bin/rsnapshot hourly: ERROR: Lockfile
/var/run/rsnapshot.pid exists and so does its process, can not
continue
[19/Apr/2012:10:26:28] WARNING: /usr/bin/rsnapshot hourly: completed,
but with some warnings

Wouldn't it be better to make log lines to have same format, in other
words either ERROR should be put between date and script name, or
WARNING should be put after a script name.

I would vote for 1st option as it closer matches nagios plugin requirements.
This makes perfect sense. And while fixing this could we please
have ISO 8601 date format (yyyy-mm-dd)?

BR Håkon Løvdal

Rsnapshotters:

I don't expect the radical logging changes this suggestion might imply
(a _lot_ of work), but check out the 'semantic logging' stuff Splunk
is pushing:

http://dev.splunk.com/view/SP-CAAADP5
http://blogs.splunk.com/2010/09/29/rob-das-discusses-semantic-logging-video/
http://dev.splunk.com/

Please consider it if, and only if, large changes in logging are being
considered.

And consider the 'yyyy-mm-dd' date format "thirded". :)

Troy

Post suggestion for log reporting format 
On Tue, Apr 24, 2012 at 2:22 PM, Troy Johnson <troy < at > jdmz.net> wrote:
On Tue, Apr 24, 2012 at 1:35 PM, Derek Simkowiak <derek < at > simkowiak.net> wrote:
 And while fixing this could we please have ISO 8601 date format (yyyy-mm-dd)?
    Seconded!
On 04/24/2012 08:56 AM, Håkon Løvdal wrote:
On 19 April 2012 11:55, Liutauras Adomaitis
<liutauras.adomaitis < at > gmail.com>  wrote:
Wouldn't it be better to make log lines to have same format, in other
words either ERROR should be put between date and script name, or
WARNING should be put after a script name.
Rsnapshotters:
 http://dev.splunk.com/view/SP-CAAADP5
 http://blogs.splunk.com/2010/09/29/rob-das-discusses-semantic-logging-video/
 http://dev.splunk.com/
Troy

:(

Forgot the most important link:

http://dev.splunk.com/view/logging-best-practices/SP-CAAADP6

Post suggestion for log reporting format 
On Tue, Apr 24, 2012 at 02:22:33PM -0500, Troy Johnson wrote:

I don't expect the radical logging changes this suggestion might imply
(a _lot_ of work), but check out the 'semantic logging' stuff Splunk
is pushing:

http://dev.splunk.com/view/SP-CAAADP5
http://blogs.splunk.com/2010/09/29/rob-das-discusses-semantic-logging-video/
http://dev.splunk.com/

We used Splunk for grovelling over the logs for iPlayer when I was
working at the BBC. It's awesome, and I recommend it. That said, it's
not really aimed at applications like rsnapshot: rsnapshot simply
doesn't produce enough log data for Splunk to be particularly useful.

But if you've got a few gigabytes of logs being generated a day, then
you need to either use Splunk, or just turn the logging off - there's no
point in logs that you won't ever use!

--
David Cantrell | Godless Liberal Elitist

Stepped on something soft and wobbly.
Struck a match.
Found it was a dead Chinaman.

-- Sir George Scott


Post suggestion for log reporting format 
On Tue, Apr 24, 2012 at 05:56:08PM +0200, Håkon Løvdal wrote:

And while fixing this could we please
have ISO 8601 date format (yyyy-mm-dd)?

Changing the date/time format is easier than changing the order of
things in log lines ... done:
http://rsnapshot.cvs.sourceforge.net/viewvc/rsnapshot/rsnapshot/rsnapshot-program.pl?r1=1.431&r2=1.432

Or at least, done for anything that uses the get_current_date function.
I couldn't find any other places that the current time is mentioned so
hopefully that's everything.

Note that it still uses *local* time like the old code did. My own
strong preference is to use UTC for absolutely everything everywhere as
it is unambiguous, easily sortable and easy to compare, especially if
you've got rsnapshot running on machines in different timezones. This
would be easy to change, if people think it's worthwhile. It does not,
however, merit a config option!

--
David Cantrell | Minister for Arbitrary Justice

More people are driven insane through religious hysteria than
by drinking alcohol. -- W C Fields


Post suggestion for log reporting format 
My own strong preference is to use UTC for absolutely everything everywhere as it is unambiguous

I strongly disagree with this proposed "feature".

Syslog, Apache, and pretty much everything else use localtime (based on the system's locale setting). Rsnapshot shouldn't be the only thing that uses zulu time for logs.

If you want to use UTC "for absolutely everything everywhere", then set your locale to UTC. That way Rsnapshot, and everything else under /var/logs/, will be in UTC. Most importantly, they'll all match. (One company I worked for had staff and customers on 5 different continents. They required that all servers have the system locale set to UTC. It worked great.)

I would not be opposed to adding the locale's timezone to the log lines, the way Apache does. Either something like " -0700" for GMT -7hrs, or else the timezone name like " PST". However, that is unnecessary as far as I am concerned (Syslog does not do it by default).


Thanks,
Derek Simkowiak

On 04/24/2012 02:45 PM, David Cantrell wrote:
On Tue, Apr 24, 2012 at 05:56:08PM +0200, Håkon Løvdal wrote:

And while fixing this could we please
have ISO 8601 date format (yyyy-mm-dd)?

Changing the date/time format is easier than changing the order of
things in log lines ... done:
http://rsnapshot.cvs.sourceforge.net/viewvc/rsnapshot/rsnapshot/rsnapshot-program.pl?r1=1.431&r2=1.432

Or at least, done for anything that uses the get_current_date function.
I couldn't find any other places that the current time is mentioned so
hopefully that's everything.

Note that it still uses *local* time like the old code did. My own
strong preference is to use UTC for absolutely everything everywhere as
it is unambiguous, easily sortable and easy to compare, especially if
you've got rsnapshot running on machines in different timezones. This
would be easy to change, if people think it's worthwhile. It does not,
however, merit a config option!


