On Sat, Oct 07, 2006 at 09:23:03AM -0400, Ian D. Leroux wrote: > I'm looking for a way to monitor my logfiles while selectively ignoring > noise, i.e. entries that *I* understand and am not worried about. > > This sounds like logcheck's mandate, except that logcheck seems to be > more geared towards letting package maintainers define rules for > filtering normal entries. For instance, there are a number of rules in > ignore.d.paranoid that filter out unsuccesful mail delivery attempts > that I don't want. Since these files are managed by the debian package > system, I don't want to edit them directly, for fear of having all my > changes overwritten at next upgrade. > > I'm getting the feeling that I should just roll my own solution, but I > thought I'd ask first if there were alternative packages or other more > elegant approaches I should look at. Would it be appropriate to try > building something on top of syslog-ng's filter rules? > What I have done it place a file into /etc/logcheck/ignore.d.paranoid/ called local and symlinked into ignore.d.server and ignore.d.workstation where I can define my own rules. That way, I get the benefit of logcheck ignoring the stuff I want ignored, and I also need not worry about it being overwritten on upgrade. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature