,------------------------------------------------------------------------------- | Frequently asked questions about metche `------------------------------------------------------------------------------- 1. How are the monitored Changelog files ($CHANGELOG_FILE or $CHANGELOG_DIR/*/Changelog) generated? With Emacs or Vim. They are written by *you*! They are an important part of the collective sysadmin process metche is supposed to simplify. 2. How is metche working, and what are the underlying concepts I have to understand? When called with the cron command line switch, metche verifies changes in the system state during the last $TESTING_TIME minutes. If any changes took place an "unstable state" is saved. Otherwise, a "testing state" is saved and a report is emailed to you. A mechanism exists to automatically turn a "testing state" into a "stable" one. See metche(8) for explanations. 3. How do I see the saved states list? Run "metche list". 4. I've broken my system, how can I see a report against a previous, system state, known as working? Run "metche report [{stable,testing,unstable}-YYYYMMDDHHMM]". If no saved state is specified, the most recently saved "testing state" is used as reference. 5. How do I create a "stable state" manually? Run "metche stabilize [testing-YYYYMMDDHHMM]". This turns the given "testing state", if specified, otherwise the one most recently saved, into a "stable state". 6. Why is metche filling my /var partition? First, metche needs to make backups of your "system state" in order to be able to provide you with changes reports. Whatever you do, metche *will* use some disk space (a few dozens megabytes on a typical server). Please note metche performs full, and not incremental, backups. But there are a few ways to limit the disk space metche uses. Here is the cookbook. a) Exclude some big files from the set monitored by metche. - Have a look to your metche backup files: # ls -l /var/lib/metche/*.tar.bz2 - If the average size for these files is greater than a few megabytes, you should investigate which file or directory (in $WATCHED_DIR) is guilty and use the EXCLUDES option to keep it out of metche's hands. b) Speed up the mechanism that automatically turns an "unstable state" into a "testing state", and a "testing state into a "stable" one. - First, let metche run for a while with its default TESTING_TIME and STABLE_TIME configuration values (the "for a while" meaning depends on how much nervous you get when you run 'df /var' every five minute; a few days is a bare minimum, a few weeks is better). - Then, have a look to the files metche has kept in $BACKUP_DIR; a simple 'metche list' is enough if you're not monitoring any VServer. - If there is a huge list of "unstable" but only few "testing" states, you can try lowering TESTING_TIME. If there are many more "testing" states than "stable" state, you can try lowering STABLE_TIME. It's better to only tweak one of these two parameters at a time. - Let metche run "for a while" again... and iterate. c) Still despaired? If this does not work for you, you might also have found a weird case that metche does not handle well, call it a bug or whatever you want; you should actually e-mail us (metche AT lists DOT riseup DOT net) the output of 'metche list', your configuration file (stripped from private information), and some information about the metche version you're running. 7. metche does not send us any report It could be an e-mail problem, but, more probably, one of your installed programs violates the FHS and writes one or more ever-changing files in /etc instead of /var. This prevents metche of turning any "unstable" state into a "testing" state, and therefore to send you any report. You can diagnose this by asking metche to generate a report against a recent unstable state, such as '# metche report unstable-latest'. If the output contains changed files you don't want to monitor, such as status files, add them to your EXCLUDES option in metche.conf, and wait. 8. metche sends us empty reports The change detection method is quick but not very accurate. E.g. a change to the mtime of a monitored file makes metche think changes need to be reported. In case you are receiving empty reports really often such as once every hour: most probably one of your installed programs frequently changes the ctime or mtime of a file in /etc without actually modifying its content. See the answer to question #7 for details. 9. How do I configure e-mail encryption when sending metche reports to my sysadmin collective? See the SECURITY section of metche(8). You might also be interested in Schleuder (http://schleuder.nadir.org/). 10. Why am I receiving metche reports as attachments with Content-Type: application/octet-stream? You are probably using heirloom-mailx as /usr/bin/mail. That program's charset conversion features depend on the current locale. You may either switch to bsd-mailx or set the LOCALE variable in metche.conf to something better suited than "C" to the charset(s) used in the Changelog and other monitored files.