I actually set up a central syslog server in addition to local logging. That way I have two sets of files to compare in case I need to correlate the logs.

I use swatch for near real-time syslog monitoring. I have custom scripts that send log summaries on a daily basis. I have custom scripts that build a web page on my central syslog server with the last hour's logs. This is custom based on certain events. Not all events are on the web page.

For a home-grown solution this works well for me... your results may vary.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: jamie rishaw [mailto:jamieat_private]
Sent: Wednesday, January 09, 2002 11:14 AM
To: loganalysisat_private
Subject: [logs] Log Analysis

Hey everyone,

I'd like to get some input from people who are currently running a centralized logging environment with multiple (and theoretically multi-platform) OS's logging to one (or multiple) syslog hosts.

Getting logging down, and getting hosts to log to a central server was the easy part. It's pretty nifty, one place to go, and no more /var fill ups :-) However, it's now time to go to the next step.

What (presumedly freeware/opensource/open-dev) programs, home brew perl madness, commercialware, etc, are people using for their log analysis?

I think there will be two schools of solutions here, correct me if I'm missing or off topic:

1) Real-Time monitors to "tail" output and generate alerts/flags based on certain situations or checkpoints/markers, and
2) Daily log parsing for reports, trend analysis, and longer term watching

Program names are fine to spew back, but input on actual use of these utilities, thoughts, etc, would help. And if it turns up zero, perhaps we can start a project of our own :)

Thanks in advance for input. I'm hoping I'm not the only one out here in the same boat.

jamie
--
jamie rishaw <jamieat_private>
sr. wan/unix engineer/ninja // playboy enterprises inc.
[opinions stated are mine, and are not necessarily those of the bunny]
"UNIX was not designed to stop people from doing stupid things, because that would also stop them from doing clever things." -- Doug Gwyn

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
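
The two approaches named in the question (a real-time matcher and a daily summary) run over the same centrally collected lines, as an added example that is not part of the original thread and is not swatch or either poster's scripts. The rule names, patterns, host names and log lines are constructed for illustration, and the line format assumed is the classic BSD syslog layout.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines as a central syslog host might store them.
SAMPLE = """\
Jan  9 11:02:13 web1 sshd[412]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan  9 11:02:15 web1 sshd[412]: Failed password for root from 192.0.2.10 port 4023 ssh2
Jan  9 11:03:40 db1 kernel: /var: file system full
Jan  9 11:04:02 mail1 sendmail[88]: h09J42: to=<user@example.com>, stat=Sent
Jan  9 11:05:00 web1 cron[501]: (root) CMD (/usr/sbin/logrotate)
-- MARK --
"""

# timestamp, host, program (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")

# Hypothetical watch rules (name -> pattern), in the spirit of a watch-file.
RULES = {
    "auth-failure": re.compile(r"Failed password|authentication failure", re.I),
    "disk-full": re.compile(r"file system full|No space left", re.I),
}

def parse(line):
    """Return (timestamp, host, program, message) or None if the line is malformed."""
    m = LINE.match(line)
    return m.groups() if m else None

def realtime_alerts(lines):
    """School 1: yield (rule, host, message) as each line arrives."""
    for line in lines:
        rec = parse(line)
        if rec is None:
            # Surface unparseable input instead of dropping it silently.
            yield ("unparsed", "?", line)
            continue
        _, host, _, msg = rec
        for name, pattern in RULES.items():
            if pattern.search(msg):
                yield (name, host, msg)

def daily_summary(lines):
    """School 2: per-host message counts by program, for a batch report."""
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if rec:
            summary[rec[1]][rec[2]] += 1
    return summary

if __name__ == "__main__":
    for alert in realtime_alerts(SAMPLE.splitlines()):
        print("ALERT", alert)
    for host, counts in sorted(daily_summary(SAMPLE.splitlines()).items()):
        print(host, dict(counts))
```
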
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 12:29:56 PST