Hi All,
> Subject: Questions about APEL
> Date: Mon, 25 Apr 2005 16:03:15 +0100
> From: Byrom, R (Rob) <[log in to unmask]>
> To: Antonis Zissimos <[log in to unmask]>
> I believe it's not necessary to back up any log files indefinitely. As
> you mention, the Apel will store a copy of log file data within its own
> database and can republish this to the GOC if necessary. I think this
> advice was initially given to site admins when the Apel was first being
> deployed (at a time when we weren't fully confident the Apel was bug
> free and so having a backup copy of log files was seen as a useful thing
> to have).

Now *I* am confused. What "log files" are being discussed here -- the
gatekeeper logs, or the APEL logs? You want to be able to answer a
question like the following:

'At 10.50 GMT on 26/07/2005 a burst of IP traffic originating from
your site was detected, aimed at disabling incoming ftp traffic on
javasrv.web.sun.com. This burst lasted for approximately 20 minutes and
was traceable to your site's router box, but no further (NAT?)'

or

'A file was found on your site containing a list of credit card
numbers, owned by uid/gid 'alice031/alice' and created on 04-07-2006.
Please either identify the culprit's identity or have your lawyers
contact us. Love, MasterCard.'

Can the APEL log file / database be used to answer these questions?
A gatekeeper log file will go a long way here ...

J "send those card numbers now" T

> As mentioned above, data is stored within a local database at the site
> so the Apel can resend its log data to the GOC (if any corruption
> occurs). However, to recover from db corruption for a particular site,
> the site admin should back up the local mysql db using the mysqldump
> utility.
>
> Dave may like to comment on this as well, but I think the FAQ should be
> updated to avoid this confusion.
>
> Rob
>