Mark, That's great to hear about delta report collection. Nicolas' webdav idea is intriguing but, as you point out, I was concerned about growth.
Thanks, Justin -----Original Message----- From: Mark Burgess [mailto:mark.burg...@iu.hio.no] Sent: Monday, June 07, 2010 11:03 PM To: Nicolas Charles Cc: Justin Lloyd; help-cfengine@cfengine.org Subject: Re: Centralized report of repairs Careful, such a `push' approach is unlikely to scale to more than a couple of hundred machines. FYI, Nova 1.2 (scheduled for October) will take a delta approach to report collection and generation that will scale much better under pull for the full spectrum of reports. M Nicolas Charles wrote: > Hi Justin, > > I considered also this approach, but instead I've set up a webdav server > on a policy_server, and each client sending the reports on this webdav > entry point. Hence the client can send it when he knows it is suitable, > and the promises are much more easy to write > > Nicolas > > Justin Lloyd wrote: >> Hi all, >> >> I'd like to generate a report of all* changes Cfengine makes on systems >> for auditing and awareness purposes. If, for example, the same change is >> being made a lot on a system (e.g. fixing /etc/passwd permissions), then >> we would know something is wrong and could investigate it more deeply. >> >> Cfengine Nova (I don't know about community) logs local promise repairs >> to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a >> couple of example lines: >> >> Thu Jun 3 21:32:21 >> 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens >> ure /etc/resolv.conf file exists and is >> correct,/var/cfengine/inputs/dg.bundles.cf,262 >> Thu Jun 3 21:34:16 >> 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure >> user's authorized_keys file contains remote user's public >> key,/var/cfengine/inputs/dg.ssh_keys.cf,98 >> >> I was thinking of having each policy server fetch the nova_repair.log >> from all of its hosts each day prior to rotation and generating a >> summary report that is easily skimmable by humans. However, before I >> start really diving into such an approach, I was wondering if anyone has >> been wanting or doing something similar. >> >> Thanks, >> Justin >> >> *By "all" I would filter out a lot of standard changes, like those done >> by Nova's generate_reports.cf. >> >> > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine -- Mark Burgess ------------------------------------------------- Professor of Network and System Administration Oslo University College, Norway Personal Web: http://www.iu.hio.no/~mark Office Telf : +47 22453272 ------------------------------------------------- This electronic communication and any attachments may contain confidential and proprietary information of DigitalGlobe, Inc. If you are not the intended recipient, or an agent or employee responsible for delivering this communication to the intended recipient, or if you have received this communication in error, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this communication in error, and delete the copy you received. DigitalGlobe reserves the right to monitor any electronic communication sent or received by its employees, agents or representatives. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
