On Wed, 2003-01-08 at 19:50, David Champion wrote:
I like things that are easy to parse with shell and awk scripts. E.g.:
Login: username 1.2.3.4:1025 5.6.7.8:143 imaps,compressed
Logout: username 1.2.3.4:1025 5.6.7.8:143 imaps,compressed in:1000 out:1000000 [whatever SSL summary data is available]
I like seeing both the source and destination sockaddrs. (Why not run two instances on different interfaces?) In fact, I like seeing both hostname and ip address, and an indicator if a reverse map doesn't match, but that's probably just me.
Hmm. I'm not sure about the destination address. Destination port would be useful, but I don't personally care about seeing the address. Probably not worth doing it optionally either. Guess I'd add it then.
DNS lookups then... Not by default, and preferably without having to distribute some DNS library. I don't see any simple way to do that. Also, the only IPv6-capable async DNS library I know of is a patched libadns.
It would also be nice for perf. anal. to know how much I/O to storage (disk) was performed by the imap process, but I don't imagine those figures are presently available anyway.
Not very easily, especially about the indexes since they're just mmap()ed and accessed randomly. Reading the mailbox files is more possible, but probably not worth the trouble. Maybe that could be done at the OS level by some existing patch?
That's just an illustration; it doesn't matter to me whether it's like that particularly. I just want to show what I mean by ease of parsing -- whitespace-separated fields, well-known field values, related flags and such compounded within fields. The whole line structure should be well-known and not require perl or sscanf()s or such; scripts should be able to extract a lot of data from these quickly.
Yes, agreed. I just tend to forget this :)
I think the only configuration needed would be whether to log login, logout or both.
That's generous. :) I'd always want both, and can't imagine not wanting both, but I suppose some might prefer less.
I don't care about the I/O or time used in those small systems that I use. Login might not be very useful to others who only wish to see the stats, not who has most recently logged in. Of course disabling logins could hide some of them if the process crashes.
I actually wouldn't mind seeing more optional logs -- for example, logout-like summaries for folder accesses (when users change folders). This can help in balancing storage devices when folders can reside on multiple devices.
In an ideal world, everything would be loggable, but not everything would be logged.
Want to give a larger list that you'd think would be useful to log? I can't think of many user actions that'd be worth logging. There's already rawlog for logging _everything_ :)
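Added example (not part of the original message, and not Dovecot's actual log format): the illustrative Login/Logout lines from this thread summarized with plain awk, summing the in:/out: byte counts per user and listing logins that have no matching logout, such as sessions cut short by a crashed process. The sample log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log using the field layout illustrated in the thread:
#   Login:  user src:port dst:port flags
#   Logout: user src:port dst:port flags in:N out:N [optional extra fields]
sample_log() {
cat <<'EOF'
Login: alice 192.0.2.10:1025 198.51.100.5:143 imaps,compressed
Login: bob 192.0.2.11:4021 198.51.100.5:143 imap
Logout: alice 192.0.2.10:1025 198.51.100.5:143 imaps,compressed in:1000 out:1000000
Login: alice 192.0.2.10:1030 198.51.100.5:143 imaps
Logout: alice 192.0.2.10:1030 198.51.100.5:143 imaps in:250 out:4000 TLSv1
Login: carol 203.0.113.7:5555 198.51.100.5:143 imap
Logout: carol 203.0.113.7:5555 198.51.100.5:143 imap in:10 out:20
EOF
}

# Per-user byte totals from Logout lines. Trailing fields are scanned by
# key, so unknown extras (e.g. SSL summary data) are ignored safely.
traffic_per_user() {
  awk '$1 == "Logout:" {
         for (i = 6; i <= NF; i++) {
           split($i, kv, ":")
           if (kv[1] == "in")  in_b[$2]  += kv[2]
           if (kv[1] == "out") out_b[$2] += kv[2]
         }
         seen[$2] = 1
       }
       END { for (u in seen) print u, in_b[u] + 0, out_b[u] + 0 }' | sort
}

# Sessions with a Login but no Logout, keyed by user and source sockaddr.
# A counter is used so a reused source port does not hide an open session.
open_sessions() {
  awk '$1 == "Login:"  { pending[$2 " " $3]++ }
       $1 == "Logout:" { pending[$2 " " $3]-- }
       END { for (k in pending) if (pending[k] > 0) print k }' | sort
}

echo "user in out:"
sample_log | traffic_per_user
echo "logins without logout:"
sample_log | open_sessions
```

If only logouts were logged, the second report would be impossible: the unmatched login is the only trace of a session that never reached its logout line.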