Re: alternatives to logcheck
On Sat, Oct 07, 2006 at 10:07:29 -0400, Robert C. Sanchez wrote:
> On Sat, Oct 07, 2006 at 09:23:03AM -0400, Ian D. Leroux wrote:
> > I'm looking for a way to monitor my logfiles while selectively
> > ignoring
> > noise, i.e. entries that *I* understand and am not worried about.
> > This sounds like logcheck's mandate, except that logcheck seems to be
> > more geared towards letting package maintainers define rules for
> > filtering normal entries. For instance, there are a number of rules
> > in
> > ignore.d.paranoid that filter out unsuccesful mail delivery attempts
> > that I don't want. Since these files are managed by the debian
> > package
> > system, I don't want to edit them directly, for fear of having all my
> > changes overwritten at next upgrade.
> > I'm getting the feeling that I should just roll my own solution, but I
> > thought I'd ask first if there were alternative packages or other more
> > elegant approaches I should look at. Would it be appropriate to try
> > building something on top of syslog-ng's filter rules?
> What I have done it place a file into /etc/logcheck/ignore.d.paranoid/
> called local and symlinked into ignore.d.server and ignore.d.workstation
> where I can define my own rules. That way, I get the benefit of
> logcheck ignoring the stuff I want ignored, and I also need not worry
> about it being overwritten on upgrade.
As I understand it, that's a mechanism to ignore *more* than the
default. Does it give me a way to ignore *less*, short of manually
deleting the existing rule files?