[Logcheck-devel] Integrating rules from other packages back into logcheck

Wed Jun 8 10:55:25 UTC 2005

On Sat, 04 Jun 2005, Eric Evans wrote:

> On Sun, Jun 05, 2005 at 12:57:24AM +0100, Jamie L. Penman-Smithson muttered these words:
> I understand the problem better now, but I still think the proposed 
> solution is a little rash for a first step.

you haven't proposed an alternative, have you?

> I'm not questioning motivations, I am asking you to take a step back and
> look at it objectively. Could we do something different in order to make
> things easier on others and achieve the same or better results?

todays log message are easily understood by someone either reading
manpage or docs of the existing daemon.

> Do you submit bug reports for issues not pertaining to logcheck? If so,
> do you ever submit patches with these reports? How would you respond to
> a maintainer that felt the rules he was including were the rightful 
> domain of his package and not logcheck? What if he didn't trust us to 
> determine what output was appropriate to exclude?

i did submit bug reports for external rules,
it takes _ages_ to get them update.
maintainers even manage to badly apply patches.

if he doesn't trust us, he can build his own database from scratch.

> What makes you assume that "they" don't already understand regular
> expressions? What makes you think they don't care about logcheck rules?

the way they are handled.

> I would argue that if they took the time to include a set of rules in
> their package that they *do* care. I also have a great deal of 
> confidence in the abilities of Debian maintainers, and I refuse to 
> believe that regular expressions are beyond the capabilities of everyone
> *except* the logcheck devel team.

regex(7) is not hard to understand i agree.
but the usual merged out of tree rules are not by the maintainer themself
but by random bug submitters.
we better know how to handle those.

> Bugs are incorrectly assigned to the wrong package all the time, I
> really don't see this as a valid reason. If it is really that much of a
> burden, I will volunteer to personally follow up on all incorrectly 
> assigned bugs.

how do you want to do this? it does not scale to check _all_
debian packages for eventually submitted logcheck rules.

> I don't think logcheck was ever really designed to accommodate this. 
> However, I am not specifically arguing in favor of having the rules 
> installed from other packages as much as I am arguing in favor of 
> engaging other maintainers, and encouraging them to take some ownership
> of the rules that are related to the packages they maintain.

i didn't find much that makes it worth it.

anyway if we don't find an agreement we can still move to d-devel,
to get the view of the broader audience.

logcheck should run well on logservers and it doesn't today,
i see that a major flaw of the current design.

also logcheck doesn't matter that much these days,
if you want to be warned of important log message
you use some "realtime" syslog-ng rules, where you
get the message instantly.

nevertheless it's nice to get the overview every hour of what
your park is doing especially for not that urgent stuff.

--
maks