,-------------------------------------------------------------------------------
| Frequently asked questions about metche
`-------------------------------------------------------------------------------
1. How are the monitored Changelog files ($CHANGELOG_FILE or
$CHANGELOG_DIR/*/Changelog) generated?
With Emacs or Vim. They are written by *you*! They are an important
part of the collective sysadmin process metche is supposed to simplify.
2. How is metche working, and what are the underlying concepts I have to
understand?
When called with the cron command line switch, metche verifies changes in
the system state during the last $TESTING_TIME minutes. If any changes
took place an "unstable state" is saved. Otherwise, a "testing state" is
saved and a report is emailed to you.
A mechanism exists to automatically turn a "testing state" into
a "stable" one. See metche(8) for explanations.
3. How do I see the saved states list?
Run "metche list".
4. I've broken my system, how can I see a report against a previous, system
state, known as working?
Run "metche report [{stable,testing,unstable}-YYYYMMDDHHMM]".
If no saved state is specified, the most recently saved "testing state"
is used as reference.
5. How do I create a "stable state" manually?
Run "metche stabilize [testing-YYYYMMDDHHMM]".
This turns the given "testing state", if specified, otherwise the one most
recently saved, into a "stable state".
6. Why is metche filling my /var partition?
First, metche needs to make backups of your "system state" in order to be
able to provide you with changes reports. Whatever you do, metche *will* use
some disk space (a few dozens megabytes on a typical server). Please note
metche performs full, and not incremental, backups.
But there are a few ways to limit the disk space metche uses. Here is
the cookbook.
a) Exclude some big files from the set monitored by metche.
- Have a look to your metche backup files:
# ls -l /var/lib/metche/*.tar.bz2
- If the average size for these files is greater than a few megabytes,
you should investigate which file or directory (in $WATCHED_DIR) is
guilty and use the EXCLUDES option to keep it out of metche's hands.
b) Speed up the mechanism that automatically turns an "unstable state" into
a "testing state", and a "testing state into a "stable" one.
- First, let metche run for a while with its default TESTING_TIME and
STABLE_TIME configuration values (the "for a while" meaning depends on
how much nervous you get when you run 'df /var' every five minute;
a few days is a bare minimum, a few weeks is better).
- Then, have a look to the files metche has kept in $BACKUP_DIR; a
simple 'metche list' is enough if you're not monitoring any VServer.
- If there is a huge list of "unstable" but only few "testing" states,
you can try lowering TESTING_TIME. If there are many more "testing"
states than "stable" state, you can try lowering STABLE_TIME.
It's better to only tweak one of these two parameters at a time.
- Let metche run "for a while" again... and iterate.
c) Still despaired?
If this does not work for you, you might also have found a weird case that
metche does not handle well, call it a bug or whatever you want; you
should actually e-mail us (metche AT lists DOT riseup DOT net) the output
of 'metche list', your configuration file (stripped from private
information), and some information about the metche version you're
running.
7. metche does not send us any report
It could be an e-mail problem, but, more probably, one of your installed
programs violates the FHS and writes one or more ever-changing files in /etc
instead of /var. This prevents metche of turning any "unstable" state into
a "testing" state, and therefore to send you any report.
You can diagnose this by asking metche to generate a report against a recent
unstable state, such as '# metche report unstable-latest'. If the output
contains changed files you don't want to monitor, such as status files, add
them to your EXCLUDES option in metche.conf, and wait.
8. metche sends us empty reports
The change detection method is quick but not very accurate. E.g. a
change to the mtime of a monitored file makes metche think changes
need to be reported. In case you are receiving empty reports really
often such as once every hour: most probably one of your installed
programs frequently changes the ctime or mtime of a file in /etc
without actually modifying its content. See the answer to question
#7 for details.
9. How do I configure e-mail encryption when sending metche reports to my
sysadmin collective?
See the SECURITY section of metche(8).
You might also be interested in Schleuder (http://schleuder.nadir.org/).
10. Why am I receiving metche reports as attachments with
Content-Type: application/octet-stream?
You are probably using heirloom-mailx as /usr/bin/mail. That program's
charset conversion features depend on the current locale. You may
either switch to bsd-mailx or set the LOCALE variable in metche.conf to
something better suited than "C" to the charset(s) used in the Changelog
and other monitored files.