Yes - swapping rules and obscure syslog configurations is EXACTLY what this list is about...

On Thu, 9 Aug 2001, W. Reilly Cooley, Esq. wrote:

> Date: Thu, 9 Aug 2001 23:53:48 -0700
> From: "W. Reilly Cooley, Esq." <wcooleyat_private>
> To: Jose Nazario <joseat_private>
> Cc: loganalysisat_private
> Subject: Re: [Fwd: Logfiles]
>
> Thus spake Jose Nazario:
> >
> > <self plug>i wrote a piece, to appear in the Sept, 2001 issue of SysAdmin
> > Magazine i think, on using 'awk' as a logfile analysis tool. one gets
> > pretty intimate with normal UNIX logging mechanisms when you have to
> > codify how you will process them, go cross platform (i covered BSD, Linux,
> > IRIX, HPUX and a bit of Solaris), and cover lots of data. i didn't even
> > get into any trending which would have been useful ... </plug>
>
> The 'logcheck' utility which I and at least one other person on
> this list have already mentioned is written in 'egrep' and shell.
> I'm sure awk would also be excellent at this. There are a few
> things I've wanted from logcheck that I've never gotten around to
> implementing, but the nice thing about it is that it comes with
> a nice set of rules of strings to ignore or get excited about.
> And, that was my main problem with 'swatch'--it took so long to
> get it quiet enough to be useful that it wasn't worth the effort.
> I assume that swapping rules is part of what this list is about?
>
> Wil
>

VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:09:02 PDT