On Thu, 18 Aug 2005 10:53:25 +0200, Vincent van Scherpenseel <invalid> wrote:
....that you know of...
Normal and predictable behavior, yes.
Couple of thoughts. On a basic level, you could get your logging by
instituting sudo on your servers - all work done as root is logged in
that manner. The logs aren't the most human readable but they're
There's a commercial product called "BladeLogic" (named strangely as it
has nothing to do with specifically blade servers, but there you go)
which we'll most likely be putting in place next year here, for our
100+ unix boxes. It has all the logging, rollback, things like "change
the encryption on all apache instances in the DMZ" type logic, and a ton
of other stuff. Scheduling as well. They'll come out & give you the
dog&pony show; we had the demo and it looks pretty good. A friend of
mine went to work for them and he's pretty cynical generally, but he's
very enthused about this; for a while after he went there he'd call and
tell me "Hey, you know that quarterly patching you guys do? I've got a
module that does it hands-off", and so on. Looks like a solid tool,
and not obscenely expensive.
Yup. Same reasons we went looking for something else, and when budget
allows (next fiscal year) we'll most likely go with it.
Likewise; we prefer open source for several reasons, and I'd love to
hear about other options as well. But, sometimes, buying a commercial
package makes sense.