
System log monitor



Thanks to everyone that replied.  I've installed logcheck and it works
well after a couple of iterations of weeding out the false alarms.  I
suppose it would be nice if packages could supply their own violations
and ignore files to make this easier.  For example, postfix would
supply a violations file containing

    postfix/(pickup|cleanup|qmgr|smtpd)\[[0-9]+\]: .*(fatal|warn|error)

and an ignore file like

    postfix/pickup\[[0-9]+\]: [A-Z0-9]+: uid=[0-9]+ from=
    postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=
    postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: from=.*, size=[0-9]+
    etc ...

And logcheck does a run-parts style include of all the files plus the
defaults.  Does this seem like a plausible system, and does it fit
with the Debian policy?  Sorry if this is just idle speculation, I'm a
bit of a newbie to the Debian way of doing things.

That said, I'd be prepared to take on implementing this if it seems
like a good idea.

Regards,
Steve
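
The per-package layout proposed in this message, sketched as an added example that is not part of the original post and is not logcheck's own code. The `violations.d`/`ignore.d` directory names, the function names and the five log lines are assumptions constructed for illustration; the violations pattern includes the `\[[0-9]+\]` PID field so that it matches the same syslog line format as the ignore patterns.

```shell
#!/bin/sh
# Added illustration: the directory layout and function names are hypothetical,
# not logcheck's own. Each package drops one pattern file per directory.

# Print all patterns from DIR, run-parts style: sorted glob order, only file
# names made of [A-Za-z0-9_-], blank lines and "#" comments skipped.
collect_patterns() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in *[!A-Za-z0-9_-]*) continue ;; esac
        grep -Ev '^[[:space:]]*(#|$)' "$f" || true
    done
}

# classify LOG CONFDIR: violations are matched first so that an ignore
# pattern can never hide one; remaining lines not ignored are "UNUSUAL".
classify() {
    viol=$(mktemp) ign=$(mktemp)
    collect_patterns "$2/violations.d" > "$viol"
    collect_patterns "$2/ignore.d" > "$ign"
    grep -E -f "$viol" "$1" | sed 's/^/VIOLATION: /'
    grep -Ev -f "$viol" "$1" | grep -Ev -f "$ign" | sed 's/^/UNUSUAL: /'
    rm -f "$viol" "$ign"
}

# Constructed demo: postfix's two pattern files and five sample syslog lines.
demo() {
    d=$(mktemp -d); mkdir "$d/violations.d" "$d/ignore.d"
    cat > "$d/violations.d/postfix" <<'EOF'
postfix/(pickup|cleanup|qmgr|smtpd)\[[0-9]+\]: .*(fatal|warn|error)
EOF
    cat > "$d/ignore.d/postfix" <<'EOF'
# routine delivery chatter
postfix/pickup\[[0-9]+\]: [A-Z0-9]+: uid=[0-9]+ from=
postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=
postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: from=.*, size=[0-9]+
EOF
    cat > "$d/log" <<'EOF'
Jan 10 10:00:01 mail postfix/pickup[2101]: 3F2A1B7C: uid=1000 from=<steve>
Jan 10 10:00:01 mail postfix/cleanup[2102]: 3F2A1B7C: message-id=<1@mail.example>
Jan 10 10:00:02 mail postfix/qmgr[812]: 3F2A1B7C: from=<steve@mail.example>, size=412
Jan 10 10:00:05 mail postfix/smtpd[2110]: warning: 192.0.2.7: address not listed
Jan 10 10:00:09 mail postfix/smtpd[2110]: connect from unknown[192.0.2.7]
EOF
    classify "$d/log" "$d"
    rm -rf "$d"
}

demo
```

The three routine delivery lines are suppressed, the smtpd warning is reported as a violation, and the unmatched connect line still surfaces as unusual, so a package that ships no pattern for an event never silences it.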


