On Sun, Jul 14, 2013 at 10:46:10AM -0400, Peter Sjöberg wrote: > On 07/13/2013 10:55 PM, Brenda J. Butler wrote: > > > > I'm curious why nagios/munin are overkill. I think they exactly match > > your requirements. > My requirement is not monitoring - that is managed in a different way. > My problem is that something happened and I need to find out what and > why. While nagios can alert that the load is high on a server it would't > say exactly why and when I get to the system the cause may be gone. Ah ... How about argus then: http://argus.tcp4me.com/. I haven't used it (much) myself. I first heard about it in relation to forensics - some custmoer of the person describing it had installed it a few years before an incident, and when the incident happened the investigator had all the info s/he needed because argus had been quietly saving all kinds of data. I see the pages describe it as "monitoring" now, but I guess you don't have to turn on alerts if you already have monitoring software. bjb