[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: alternatives to logcheck

On Sat, Oct 07, 2006 at 10:07:29 -0400, Robert C. Sanchez wrote:
> On Sat, Oct 07, 2006 at 09:23:03AM -0400, Ian D. Leroux wrote:
> > I'm looking for a way to monitor my logfiles while selectively
> > ignoring
> > noise, i.e. entries that *I* understand and am not worried about.
> > 
> > This sounds like logcheck's mandate, except that logcheck seems to be
> > more geared towards letting package maintainers define rules for
> > filtering normal entries.  For instance, there are a number of rules
> > in
> > ignore.d.paranoid that filter out unsuccesful mail delivery attempts
> > that I don't want.  Since these files are managed by the debian
> > package
> > system, I don't want to edit them directly, for fear of having all my
> > changes overwritten at next upgrade.
> > 
> > I'm getting the feeling that I should just roll my own solution, but I
> > thought I'd ask first if there were alternative packages or other more
> > elegant approaches I should look at.  Would it be appropriate to try
> > building something on top of syslog-ng's filter rules?
> > 
> What I have done it place a file into /etc/logcheck/ignore.d.paranoid/
> called local and symlinked into ignore.d.server and ignore.d.workstation
> where I can define my own rules.  That way, I get the benefit of
> logcheck ignoring the stuff I want ignored, and I also need not worry
> about it being overwritten on upgrade.

As I understand it, that's a mechanism to ignore *more* than the
default.  Does it give me a way to ignore *less*, short of manually
deleting the existing rule files?


Reply to: