<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
2. Performing RCAs (<a href="mailto:foo7775@comcast.net">foo7775@comcast.net</a>)<br>
<br><br>
<br>
Message: 2<br>
Date: Wed, 15 Apr 2015 17:36:55 +0000 (UTC)<br>
From: <a href="mailto:foo7775@comcast.net">foo7775@comcast.net</a><br>
Subject: [clue] Performing RCAs<br>
To: "list, CLUE" <<a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a>><br>
Message-ID:<br>
<<a href="mailto:1006413404.4981382.1429119415076.JavaMail.zimbra@comcast.net">1006413404.4981382.1429119415076.JavaMail.zimbra@comcast.net</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi all,<br>
<br>
I'm hoping to get some good suggestions on how I might be able to improve my ability to perform root cause analysis when problems occur. At the moment, my primary method is to go through logs (/var/log/messages, etc.) in the hope that something might be logged that will let me say "OK, _this_ is what caused the service to stop/the problem to occur/etc." - but as many of you know, all too often, there simply isn't anything logged. I am aware of the historical data provided by the 'sar' utility, & that's definitely helpful up to a point, and I've tried to start an effort to ensure that 'sysstat' & 'collectl' are installed on all of our production servers, but I'm fairly sure that many of you know a number of other things that would be helpful to me.<br>
<br>
One thing that's really frustrating to me is that the management team will often insist upon knowing the cause for an event, when (from everything I can tell) there's simply *nothing* there to say why it occurred. I'm hoping that a number of you might be able to help me drastically reduce the number of times I have to say "I don't know why <foo> occurred."<br>
<br>
Thanks all,<br>
<br>
T.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://cluedenver.org/pipermail/clue/attachments/20150415/1ea73b4a/attachment-0001.html" target="_blank">http://cluedenver.org/pipermail/clue/attachments/20150415/1ea73b4a/attachment-0001.html</a><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
clue mailing list<br>
<a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
<br>
End of clue Digest, Vol 51, Issue 11<br>
************************************<br>
</blockquote></div><br><br>Hi T.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I'd be more than happy to walk you through some sample events, specifically, real life stuff, that has happened to me/the company I've worked for in general.</div><div class="gmail_extra"><br></div><div class="gmail_extra">There are a bunch of things that need to line up, and that's why a Incident Response Plan (IRP) needs to be built. </div><div class="gmail_extra"><br></div><div class="gmail_extra">Something that covers point of contacts, to logging, to incident analysis needs to be fully documented and fully implemented. </div><div class="gmail_extra"><br></div><div class="gmail_extra">That is the short story of it all, but I'd be more than willing to go into more details with you.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks</div><div class="gmail_extra"><br></div><div class="gmail_extra">Mike<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Mike</div></div>
</div></div>