Re: [logs] Realtime log checking with special features : any software ?

From: Wolfgang Ley - Sun Germany - Hamburg (Wolfgang.Leyat_private)
Date: Thu Dec 27 2001 - 02:35:22 PST

    Hi,
    
    you can use logsurfer (http://www.cert.dfn.de/eng/logsurf/). This
    program allows you to follow the logs in "realtime" (well - as they
    are getting added). It has no variable for throttling but you can
    very easily include this throttling:
    After a match fire up your action and add another rule in front
    of your current one to capture this message(s). This additional
    rule is generated with an "ignore" action and has a line limit (how
    often do you want to ignore this message) and/or a time limit (for
    how long do you want to ignore this message).
    
    For details see the manpage.
    
    Bye,
      Wolfgang.
    -- 
    *******************************************************************
    Wolfgang Ley                           Enterprise Services
    Solaris Competence Center              Wolfgang.Leyat_private
    Sun Microsystems GmbH                  Tel: +49 40 251523-0
    Eiffestrasse 80                        Fax: +49 40 251523-77
    D-20537 Hamburg                        http://www.sun.de/
    -------------------------------------------------------------------
    
    > From: "Gildas PERROT" <perrotat_private>
    > To: <loganalysisat_private>
    > Date: Thu, 20 Dec 2001 17:34:36 +0100
    > Subject: [logs] Realtime log checking with special features : any software ?
    > 
    > Hi,
    > 
    > I am looking for the best software to do realtime log checking (regex on
    > patterns) with special features. I am using Redhat 6.x and have perl and C
    > compiler installed.
    > 
    > The special features are :
    > 
    > - executing a command when pattern is found
    > - limiting the number of times that the matched pattern has actions
    > performed on it (throttle)
    > - examining lines of text as they are added to logfile (tail mode)
    > 
    > I already tried swatch 3.0.4 (http://www.oit.ucsb.edu/~eta/swatch/) which is
    > supposed to do that but I had some problems with it :
    > 
    > 1) I noticed that with --tail-file mode, execution of a command doesn't
    > occur as soon as pattern appears in logfile (there is a delay of nearly one
    > minute)
    > 
    > 2) throttle values are not accepted.
    > 
    > Thanks in advance for your help.
    > 
    > Gildas.
    > 
    > ---
    > Gildas PERROT, perrotat_private
    > Fluxus, 30, rue du Château des Rentiers, 75647 Paris Cedex 13   __o
    > http://www.fluxus.net                                      ---_`\<,_
    > Fluxus est une société B.T. Ignite                     ----- (_)/ (_)
    > 
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    > 
    
    
    

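The throttling approach described in the reply above, modelled in Python as an added example (it is not logsurfer's code or configuration syntax, and not part of the original message): a matching rule fires its action and then inserts an "ignore" rule in front of itself that lapses after a line limit and/or a time limit. The `Rule` and `Engine` names, the sample sshd line and the timestamps are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Rule:
    pattern: re.Pattern
    action: Optional[Callable[[str], None]] = None  # None marks an "ignore" rule
    ignore_lines: Optional[int] = None    # line limit given to the ignore rule
    ignore_secs: Optional[float] = None   # time limit given to the ignore rule
    lines_left: Optional[int] = None      # runtime state of an ignore rule
    expires_at: Optional[float] = None    # runtime state of an ignore rule

    def expired(self, now: float) -> bool:
        # An ignore rule lapses when either of its limits is reached.
        return ((self.lines_left is not None and self.lines_left <= 0) or
                (self.expires_at is not None and now >= self.expires_at))

class Engine:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def feed(self, line: str, now: float) -> str:
        # Drop lapsed ignore rules, then take the first matching rule in order.
        self.rules = [r for r in self.rules if not r.expired(now)]
        for i, rule in enumerate(self.rules):
            if not rule.pattern.search(line):
                continue
            if rule.action is None:            # ignore rule swallows the line
                if rule.lines_left is not None:
                    rule.lines_left -= 1
                return "ignored"
            rule.action(line)                  # fire the real action once
            if rule.ignore_lines or rule.ignore_secs:
                # Insert the ignore rule in front of the rule that just fired.
                self.rules.insert(i, Rule(
                    rule.pattern, lines_left=rule.ignore_lines,
                    expires_at=now + rule.ignore_secs if rule.ignore_secs else None))
            return "fired"
        return "no match"

def demo() -> List[str]:
    alerts: List[str] = []
    rule = Rule(re.compile(r"sshd\[\d+\]: Failed password"), alerts.append,
                ignore_lines=2, ignore_secs=60)
    engine = Engine([rule])
    line = "Dec 27 02:35:22 host sshd[411]: Failed password for root"  # constructed
    # The same message arriving at these (constructed) second offsets.
    return [engine.feed(line, t) for t in (0, 1, 2, 3, 4, 100)]
```

In `demo()` the first repeat burst ends because the line limit is spent, and the last message fires again because the time limit has passed.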


    This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 09:51:28 PST