On Wed, Jan 09, 2002 at 10:14:15AM -0600, jamie rishaw wrote:
>
> Hey everyone,
>
> I'd like to get some input from people who are currently running a
> centralized logging environment with multiple (and theoretically
> multi-platform) OS's logging to one (or multiple) syslog hosts.
>
> Getting logging down, and getting hosts to log to a central server was
> the easy part. It's pretty nifty, one place to go, and no more /var
> fill ups :-) however, it's now time to go to the next step.
>
> What (presumedly freeware/opensource/open-dev) programs, home brew
> perl madness, commercialware, etc, are people using for their log analysis?
>
> I think there will be two schools of solutions here, correct me if I'm
> missing or off topic:
>
>
> 1) Real-Time monitors to "tail" output and generate alerts/flags based
>    on certain situations or checkpoints/markers, and
>
> 2) Daily log parsing for reports, trend analysis, and longer term
>    watching

I put together info on how I solved the problems you're facing at:

http://www.campin.net/newlogcheck.html

swatch, hacked logcheck, syslog-ng, stunnel, mysql and a syslog proxy I
wrote all came together quite nicely. If you use any of the individual
pieces you'll probably still find some tricks that will help you.

--
Nate Campi | Terra Lycos DNS | WiReD UNIX Operations

"A UNIX saleslady, Lenore
Likes work, but likes the beach more.
She found a clever way
To mix work with play...
She sells C shells by the seashore."
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 20:54:12 PST