Re: A tool like "logwatch" for a log server

To: debian-isp@lists.debian.org
Subject: Re: A tool like "logwatch" for a log server
From: Steve Kemp <skx@debian.org>
Date: Fri, 14 Sep 2007 16:36:31 +0100
Message-id: <[🔎] 20070914153631.GA10256@steve.org.uk>
In-reply-to: <[🔎] 46EAA9A9.9050909@rollernet.us>
References: <[🔎] 46EAA1EF.40608@cathedrallabs.org> <[🔎] 291AD6E8-E0F1-48F3-8CAC-68693084540F@nosignal.org> <[🔎] 46EAA9A9.9050909@rollernet.us>

On Fri Sep 14, 2007 at 08:32:57 -0700, Seth Mattinen wrote:

> Sort of related question: Does anybody (when aggregating logs to a dedicated 
> logging host) stop logging to the local disk, or do you still do both local and 
> remote logging?
> 

  I've done it both ways round in the past.  There's no ideal solution
 I think.

  Having things local is useful if you break networking, or your
 central loghost fills up though!

  I'd be interested in any interesting solution to this problem though,
 right now we use syslog-ng to send logs to a central machine.  Those
 messages pass through a pipe to immediately alert upon a couple of
 common patterns (eg. failing raid) and then the logs get dumped to
 MySQL.

  200ish machines take up a lot of space, so the next job is to start
 to filter the logs prior to database insertion - but I've not found
 anything that will do the job neatly yet ..

Steve
--

Reply to:

References:
- A tool like "logwatch" for a log server
  - From: "Felipe Augusto van de Wiel (faw)" <felipe@cathedrallabs.org>
- Re: A tool like "logwatch" for a log server
  - From: Andy Davidson <andy@nosignal.org>
- Re: A tool like "logwatch" for a log server
  - From: Seth Mattinen <sethm@rollernet.us>

Prev by Date: Re: A tool like "logwatch" for a log server
Next by Date: Re: Unsubscribing
Previous by thread: Re: A tool like "logwatch" for a log server
Next by thread: Re: A tool like "logwatch" for a log server
Index(es):
- Date
- Thread