System log monitor
Thanks to everyone that replied. I've installed logcheck and it works
well after a couple of iterations of weeding out the false alarms. I
suppose it would be nice if packages could supply their own violations
and ignore files to make this easier. For example, postfix would
supply a violations file containing
postfix/(pickup|cleanup|qmgr|smtpd): .*(fatal|warn|error)
and an ignore file like
postfix/pickup\[[0-9]+\]: [A-Z0-9]+: uid=[0-9]+ from=
postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=
postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: from=.*, size=[0-9]+
etc ...
And logcheck does a run-parts style include of all the files plus the
defaults. Does this seem like a plausible system, and does it fit
with the debian policy. Sorry if this is just idle speculation, I'm a
bit of a newbie to the debian way of doing things.
That said, I'd be prepared to take on implementing this if it seems
like a good idea.
Regards,
Steve
Reply to: