
Re: [OCLUG-Tech] oswatcher alternative, collector of top/ps/iostat/vmstat/... info

  • Subject: Re: [OCLUG-Tech] oswatcher alternative, collector of top/ps/iostat/vmstat/... info
  • From: "Brenda J. Butler" <bjb [ at ] sourcerer [ dot ] ca>
  • Date: Sun, 14 Jul 2013 14:44:56 -0400
On Sun, Jul 14, 2013 at 02:29:54PM -0400, Brenda J. Butler wrote:
> 
> 
> On Sun, Jul 14, 2013 at 10:46:10AM -0400, Peter Sjöberg wrote:
> > On 07/13/2013 10:55 PM, Brenda J. Butler wrote:
> > > 
> > > I'm curious why nagios/munin are overkill.  I think they exactly match
> > > your requirements.
> > My requirement is not monitoring - that is managed in a different way.
> > My problem is that something happened and I need to find out what and
> > why. While nagios can alert that the load is high on a server it wouldn't
> > say exactly why and when I get to the system the cause may be gone.
> 
> Ah ... How about argus then: http://argus.tcp4me.com/.  I haven't used
> it (much) myself.  I first heard about it in relation to forensics -
> some customer of the person describing it had installed it a few years
> before an incident, and when the incident happened the investigator
> had all the info s/he needed because argus had been quietly saving all
> kinds of data.
> 
> I see the pages describe it as "monitoring" now, but I guess you don't
> have to turn on alerts if you already have monitoring software.
> 
> bjb
---end quoted text---


Well on closer look, it seems argus is more for network auditing.
http://www.qosient.com/argus/
Although I'm not sure if this is the same project as the one above ...
but it's more likely to be the one I read about a couple of years
ago.

nagios does keep a database of historical records - and hate to say it
but this is the sort of thing that log files are for.  Why can't you
have log files?  (no need to answer to me ... this is a question for
your employer/customer)  Log records can go to a log server on a
separate machine, in case space/confidentiality is an issue.

bjb