<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div>Sounds great, thank you Mike. I'll contact you off-list to see if we can maybe arrange a workable time.<br></div><div><br></div><div>I'd also welcome any info that anyone else might have.<br></div><div><br></div><div>T.</div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Mike" <mikedawg@gmail.com><br><b>To: </b>"CLUE's mailing list" <clue@cluedenver.org><br><b>Sent: </b>Wednesday, April 15, 2015 12:07:05 PM<br><b>Subject: </b>Re: [clue] 12216-RNA-A00<br><div><br></div><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
2. Performing RCAs (<a href="mailto:foo7775@comcast.net" target="_blank">foo7775@comcast.net</a>)<br>
<br><div><br></div>
<br>
Message: 2<br>
Date: Wed, 15 Apr 2015 17:36:55 +0000 (UTC)<br>
From: <a href="mailto:foo7775@comcast.net" target="_blank">foo7775@comcast.net</a><br>
Subject: [clue] Performing RCAs<br>
To: "list, CLUE" <<a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a>><br>
Message-ID:<br>
<<a href="mailto:1006413404.4981382.1429119415076.JavaMail.zimbra@comcast.net" target="_blank">1006413404.4981382.1429119415076.JavaMail.zimbra@comcast.net</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi all,<br>
<br>
I'm hoping to get some good suggestions on how I might be able to improve my ability to perform root cause analysis when problems occur. At the moment, my primary method is to go through logs (/var/log/messages, etc.) in the hope that something might be logged that will let me say "OK, _this_ is what caused the service to stop/the problem to occur/etc." - but as many of you know, all too often, there simply isn't anything logged. I am aware of the historical data provided by the 'sar' utility, & that's definitely helpful up to a point, and I've tried to start an effort to ensure that 'sysstat' & 'collectl' are installed on all of our production servers, but I'm fairly sure that many of you know a number of other things that would be helpful to me.<br>
<br>
One thing that's really frustrating to me is that the management team will often insist upon knowing the cause for an event, when (from everything I can tell) there's simply *nothing* there to say why it occurred. I'm hoping that a number of you might be able to help me drastically reduce the number of times I have to say "I don't know why <foo> occurred."<br>
<br>
Thanks all,<br>
<br>
T.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://cluedenver.org/pipermail/clue/attachments/20150415/1ea73b4a/attachment-0001.html" target="_blank">http://cluedenver.org/pipermail/clue/attachments/20150415/1ea73b4a/attachment-0001.html</a><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
clue mailing list<br>
<a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
<br>
End of clue Digest, Vol 51, Issue 11<br>
************************************<br>
</blockquote></div><br><div><br></div>Hi T.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I'd be more than happy to walk you through some sample events, specifically, real life stuff, that has happened to me/the company I've worked for in general.</div><div class="gmail_extra"><br></div><div class="gmail_extra">There are a bunch of things that need to line up, and that's why a Incident Response Plan (IRP) needs to be built. </div><div class="gmail_extra"><br></div><div class="gmail_extra">Something that covers point of contacts, to logging, to incident analysis needs to be fully documented and fully implemented. </div><div class="gmail_extra"><br></div><div class="gmail_extra">That is the short story of it all, but I'd be more than willing to go into more details with you.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks</div><div class="gmail_extra"><br></div><div class="gmail_extra">Mike<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Mike</div></div>
</div></div>
<br>_______________________________________________<br>clue mailing list: clue@cluedenver.org<br>For information, account preferences, or to unsubscribe see:<br>http://cluedenver.org/mailman/listinfo/clue</div><div><br></div></div></body></html>