[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: best log checker



On Wed, 2007-01-31 at 20:47 -0500, Douglas Allan Tutty wrote:
> I'm trying to find a good log checker.
> 
> Basically, I want it to report anything that I don't tell it to ignore.
> 
> I've tried logcheck first and when I couldn't get it to do what I want I
> tried logwatch.  It has an ignore file that it says to just cut and
> paste what you want to ignore.  I do that and it doesn't ignore it.
> Some docs mention that its all based on regular expressions so I tried
> enclosing the lines in quotes to no avial.
> 
> I do neither perl nor RE: they're both too cryptic.  I guess I'll never
> be a true *N*X weenie.
[...]
> What do others use?

But... regular expressions can be so important! 
http://xkcd.com/c208.html

Humor aside, I seem to forget most of the regular expressions I learn
very quickly. Even so, I use logcheck and find it to be quite good.

It's not so hard to write general rules that work on my system (but
would probably be too general for anyone else) simply by reading and
adapting the existing rules. 

Also make sure you check out the README in logcheck-database, especially
the section about testing rules as it gives you a handy one liner for
trying out regex, making sure they match.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: