I'm sitting in a meeting when I worked in an enterprise environment with our systems guys and the boss. Examples are the best so I'll tell one of many stories that sold me on monitoring. I can't tell you how many organizations I've been to that will complain to no end about how crappy their gear, network or life is but have 0 monitoring. My MikroTiks are not chatty at all with default syslog settings so in reality you can probably go pick up a Raspberry Pi, a 16 GB SD card, an Ethernet cable and some duct tape and tape it under someone's desk and be at least twice as good at troubleshooting. If you can afford 800 MikroTiks you can afford a hard drive to cram an awful lot of syslog onto. Also, an 8TB SATA drive costs $230 on Amazon here in the US. Any decent syslog server will let you rotate logs to match the size of disk available. Any organization of any size, especially in the business of providing network services, should have at least a syslog server and an SNMP-based monitoring solution.

Two features, not asking the world of the developers for that. Ability to clear logs locally / manually if needed. Basic on-box log management functionality should be brought up to par with equivalent products. I'm with pe1chi and the log clearing camp on this one. Possible to overwrite them in the memory and disk logs. There should be an option to never log usernames on failed logon attempts. When you accidentally enter the password where it asks for the username, it is logged and kept in a place where When using different systems where sometimes the username is already specified in the (ssh or ftp) command clearing the log: sometimes one can get out of sync when typing usernames and passwords, especially I usually don't even log to disk, only to memory. This way, the built-in logging system can be kept simple.
That you want and have the features that you like (including storing all logs in a searchable "database" more Messages that are sent before the network comes up, but on the other hand you can select the syslog software Of course logging over the network means you won't get logs about network disconnections that would be forwarded over that same connection, and you also miss some of the startup When you want to do nonstandard things with logging especially for debugging and monitoring I recommend Then you can do what you actually need to do.

Edit: If I really wanted to hide any malicious actions I could just reboot it which would clear the log anyway. It drops you, and then when you log in again it tries to do the same thing again and again until you are lucky enough to be able to close the log window. Some scripting errors don't print any output to the log even if critical failures occur and it's easy to confuse results.

2) When debugging issues over a really crappy Internet line, I've noticed that sometimes the log is so overbearing that when you connect in Winbox it tries to load the last month's logs it causes the connection to disconnect. It has happened in the past where I've confused a previous run's results with the latest run's result when there is actually a flaw in the script causing it not to run at all. It would help a great deal if the log only shows the information that is useful to me at this point in time. Two reasons I can think of, both have affected me over the last few days:

1) For debugging purposes I really don't care about the history at this particular moment in time and would like to clear the log, try something and look at a minimized version of the log that hasn't been filled by my previous 2994 attempts at debugging.