Find the answer to your Linux question:
Results 1 to 5 of 5
Hi Guys, Is there a tool that can monitor a specified set of configuration files (such as my.cnf, vhosts.conf, php.ini, etc.) and log any changes made to these files (diff?) ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6

    Need Tool to Manage Configuration Changes


    Hi Guys,

    Is there a tool that can monitor a specified set of configuration files (such as my.cnf, vhosts.conf, php.ini, etc.) and log any changes made to these files (diff?) with a datetime stamp of when the change occurred?

    We recently had a situation where one of our admins changed a file which later caused Apache to crash. It took us a few hours to figure out what had been changed. If the change had been automatically logged somewhere, it would have taken only a few minutes to get the server running again.

    Is there such a tool? Any suggestions or comments would be greatly appreciated.

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    What you need is a process for change control. If you want to monitor files for changes (originally designed for security purposes), tripwire is one app.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,439
    HROAdmin26 is right, monitoring file changes and managing configs are two different topics.

    What we do at my workplace:
    - The team of sysadmins commits config changes to a svn repository.
    - The changes in there are enforced on hundreds of machines via Puppet
    - Manual changes are against policy. If the OnCall admin is forced to do so (say, an emergency at 3am), then he needs to set things right in the svn repo/puppet the very next day

    If learning puppet (or any other config management system like cfengine) seems like an unneccessary step:
    - any change is documented. commented and logged
    - rollback is trivial
    - all machines are *guaranteed* to be setup equal
    - redeploy of a machine or adding machines to a pool is trivial as well
    You must always face the curtain with a bow.

  4. $spacer_open
    $spacer_close
  5. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,439
    Additionally: with all configs in a svn repo
    - everyone is sure to work on the latest copy
    - setup of CVSTrac for that svn repo provides further visibilty
    You must always face the curtain with a bow.

  6. #5
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    Thanks for your responses. This gives me someplace to start looking.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •