Hi Wu, We're doing almost the same thing here. We use swatch within syslog-ng to filter and act upon keywords such as "File System Full". Please see either of these sites for more info: My site (with a quick how-to) http://www.ip-solutions.net/syslog-ng/syslog.html or Nate Campi's site (where I got most of the ideas from) http://www.campin.net/ HTH, Harry Quoting ??? <wuhyat_private>: *> Hi, *> In our Data Center , we build a central log analysis system. We use *> syslog-ng as our central log server . Now about forty web servers, database *> servers and application servers forward their syslog records to the central *> log server. Logwatch is used as log analysis software, it analize syslog *> record it received and send result to the correspondent system administer. *> We use logwatch's default configuration. *> What's confusing me now is how to move on . Because logwatch is too *> simple , it can not find out all the problems ,such as "file system is full *> ". Can any experienced person give me some advice. *> Wu Haiyan *> -- Harry Hoffman ITSS Systems Team Leader University of Auckland hhoffmanat_private hhoffman@ip-solutions.net STANDARD DISCLAIMER: ********************************************** *This universe shipped by weight, not volume.* *Some expansion may have occured in shipping.* ********************************************* ------------------------------------------------- This mail sent through IpSolutions: http://www.ip-solutions.net/ _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Feb 18 2003 - 11:29:55 PST