Linode Forum
Linode Community Forums
 Post subject: Syslog monitoring
PostPosted: Thu Mar 13, 2008 5:06 am 
Senior Member
Joined: Wed Mar 17, 2004 4:11 pm
Posts: 554
Website: http://www.unixtastic.com
Location: Europe
What's the best way to monitor syslog data from around 50 Linux machines? What do you use?

Ideally I'd like to specify a list of regular expressions of stuff to ignore and get told about everything else once a day.


 Post subject:
PostPosted: Thu Mar 13, 2008 5:12 am 
Junior Member

Joined: Fri Feb 25, 2005 7:34 pm
Posts: 26
Admittedly I only monitor a few Linux machines, but I find Logwatch to be quite effective.

Basically it parses the syslog data into a report, and emails it to a specified email address.

I guess reading 50 of those would quickly become tedious though, so it's probably not too much benefit in your situation.


 Post subject: Syslog monitoring
PostPosted: Thu Mar 13, 2008 5:24 am 
Senior Member
Joined: Wed Mar 17, 2004 4:11 pm
Posts: 554
Website: http://www.unixtastic.com
Location: Europe
encode wrote:
Admittedly I only monitor a few Linux machines, but I find Logwatch to be quite effective.

Basically it parses the syslog data into a report, and emails it to a specified email address.

I guess reading 50 of those would quickly become tedious though, so it's probably not too much benefit in your situation.


I looked at logwatch but didn't see how to make it do what I want. The problem seems to be that I don't know what I'm looking for, only what should be ignored.


 Post subject: Where are the hosts?
PostPosted: Thu Mar 13, 2008 5:32 am 
Linode Staff
Joined: Sat Jun 21, 2003 2:21 pm
Posts: 160
Location: Absecon, NJ
If the hosts are all on the same LAN (or all have very good Internet connectivity) you can have syslog on each host forward entries to a central monitoring host. You can then set up that central monitoring host to do daily log rotations and have a post-rotate script that parses the previous day's logs and emails you the results. The script to do the parsing should be pretty easy to write.

At least, that's how I'd do it.

--James


 Post subject: Re: Where are the hosts?
PostPosted: Fri Mar 14, 2008 10:28 am 
Senior Newbie

Joined: Sun Apr 25, 2004 3:32 pm
Posts: 13
irgeek wrote:
If the hosts are all on the same LAN (or all have very good Internet connectivity) you can have syslog on each host forward entries to a central monitoring host. You can then set up that central monitoring host to do daily log rotations and have a post-rotate script that parses the previous day's logs and emails you the results. The script to do the parsing should be pretty easy to write.

At least, that's how I'd do it.

--James


And
Code:
grep -v -f regexlist centrallogfile
might work as the script
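
The post-rotate filter discussed in this thread, as an added example that is not any poster's own code: it wraps the `grep -v -f` idea so that a blank line in the ignore list (an empty pattern, which matches every line and would hide the whole log) cannot silence the report, and it treats "everything was ignored" as a clean day. The function names, the ignore-file format with `#` comments, and the sample log lines are assumptions constructed for illustration; the traditional syslog layout with the hostname in the fourth field is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Ignore file: one extended regex per
# line; blank lines and lines starting with '#' are skipped.

unexpected_lines() {   # $1 = ignore file, $2 = rotated central log
    pats=$(mktemp) || return 2
    rc=0
    # A blank line in a 'grep -f' file is an empty pattern that matches every
    # line, so with -v it would silently hide the whole log. Drop such lines.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" > "$pats" || true
    if [ -s "$pats" ]; then
        grep -E -v -f "$pats" "$2" || rc=$?
    else
        cat "$2" || rc=$?      # nothing to ignore: report every line
    fi
    rm -f "$pats"
    # grep exits 1 when every line was ignored: a quiet day, not a failure.
    [ "$rc" -le 1 ]
}

host_counts() {        # stdin: syslog lines; stdout: "count host", busiest first
    awk '{ n[$4]++ } END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

demo() {               # constructed sample data, for illustration only
    dir=$(mktemp -d) || return 2
    cat > "$dir/ignore" <<'EOF'
# routine cron noise

CRON\[[0-9]+\]: \(root\) CMD
sshd\[[0-9]+\]: Accepted publickey for deploy
EOF
    cat > "$dir/log" <<'EOF'
Mar 13 05:00:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar 13 05:02:17 web01 sshd[2301]: Accepted publickey for deploy from 192.0.2.10
Mar 13 05:03:40 db01 kernel: EXT3-fs error (device sda1): ext3_find_entry
Mar 13 05:04:02 web02 sshd[1190]: Failed password for root from 192.0.2.99
Mar 13 05:04:05 web02 sshd[1190]: Failed password for root from 192.0.2.99
EOF
    unexpected_lines "$dir/ignore" "$dir/log" | host_counts
    unexpected_lines "$dir/ignore" "$dir/log"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running the script with the argument `demo` prints the per-host counts followed by the surviving lines; in a post-rotate hook the same two calls would be pointed at the previous day's rotated log and piped to the mailer.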

