good console bases sys monitors

[Christopher Browne]

I rather wish that Conky was designed such that its output could be captured
so as to be accessible either remotely or on console/stdout/syslog.

Sadly, Conky is really a workstation-oriented thing.  I'd probably use it if
I weren't on tiling window managers that make it useless in the "background"
sense.

What I'd rather see is an event processor tool.  Syslog (and successors) are
part of the right direction, but not perfect.

I find it useless for logs to fill with zillions of repeats of the same
issue.  I had /var/log/messages fill with .5k of CDROM gripes 5x/second.
Not information.  When it filled my disk, it was, itself a DOS "attack"
(albeit one not intended as such).

The MVC "thing" would be to have an event processor.  Receives events from
all sorts of places.

A collector would logs "raw" verbose events, IF ASKED.

A collector would store logs "cooked" to summarize a fair bit would make
better 'default' for /var/log fodder.  A 3GB log file is almost never useful
for anything :-(.

Processors/collectors that summarize and add those as further events: fine
thing.

Processors that interpret/correlate other events...  "ooh...  This looks
like a remote attack.  Oops.  That's maybe a DDOS?  Oh dear, OOM and things
are caving in."

Conky-ish rules to report events of interest would be pretty useful,
especially if the report can aggregate across hosts.  That's more on the
"view" side.
-- 
Christopher Browne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20100801/6942e363/attachment.html>