On Fri, 5 Apr 2002, Nev wrote:
> I do this already just using log files a perl script and a 5 min cronjob > .... just my 2 cents :) That gives you information after the fact. And relies on two other separate infrastrucutres; perl and cron - to run reliably and timely when the system is in dire need. The true power of build in SNMP instrumentation is detailed information on what is happening -now- to see load surges and trouble *before* it is an operational problem - and have people alterred before you break your SLA. Ideally your agent is deeply tied into either the app or the kernel of the system - has pre allocated all resources (so that a low on memory or file descriptors is not going to stop it from having reliable info). As a bonus - the whole network design of SNMP is reasonable robust and quite likely to get through a congested network. And then there is the little matter of push -> i.e. active notification - and the ability to reconfigure live; i.e. do an SNMP set to for example enable/disable a costly feature - lock out an abusing IP address, scale logging up or down and so. All in all I would not want to mix logging-after-the-fact for audit purposes and historic information with real-time information and real-time management interaction. Dw.