2003-11-12T06:26:32 Florian Laws:
> I'm looking for a syslog log checker that sends me
> all unknown log entries (with context if possible)
> that can then be configured to ignore known harmless
> log entries.

Visit the loganalysis website[1], look in the library section, see in particular the section Log Parsers (Generic). I've seen logsurfer and swatch mentioned for this use, along with SEC (Simple Event Correlator), which is listed instead on the Data Correlations page.

Note that "unknown log entries" is a class whose definition depends on you configuring all the "known harmless log entries", since one man's harmless is another man's poison, or thereabouts. This is a time-consuming exercise, but with a little facility wielding shell tools it isn't so bad. It has the side-benefit of threatening to teach you stuff you didn't know about your own environment.

-Bennett

[1] <URL:http://www.loganalysis.org/>
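
The workflow described in the reply above (list the known harmless entries, report everything else), sketched with plain shell tools as an added example; it is not part of the original message and not taken from logsurfer, swatch or SEC. The function names, ignore patterns and log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; the ignore patterns and log lines are constructed.

# Remove the fields that differ per event (timestamp, PID, source port)
# so repeats of one message collapse into a single counted line.
normalize() {
    sed -E -e 's/^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} //' \
           -e 's/\[[0-9]+\]:/:/' \
           -e 's/ port [0-9]+/ port N/'
}

# unknown_entries IGNORE_FILE < syslog
# Prints "count message" for every line matching no pattern (ERE, one per
# line) in IGNORE_FILE. Comments and blank lines are dropped first: an
# empty pattern matches every line and would silently hide everything.
unknown_entries() {
    pats=$(grep -E -v '^[[:space:]]*(#|$)' "$1" || true)
    normalize |
        if [ -n "$pats" ]; then { grep -E -v -e "$pats" || true; }; else cat; fi |
        sort | uniq -c | sort -rn | sed -E 's/^ +//'
}

sample_ignore() {
    cat <<'EOF'
# routine cron jobs
^[^ ]+ cron: \(root\) CMD

^[^ ]+ sshd: Accepted publickey for alice
EOF
}

sample_log() {
    cat <<'EOF'
Nov 12 06:00:01 mail cron[1021]: (root) CMD (run-parts /etc/cron.hourly)
Nov 12 06:01:14 mail sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
Nov 12 06:02:40 mail sshd[2251]: Failed password for root from 198.51.100.7 port 51514 ssh2
Nov 12 06:02:43 mail sshd[2253]: Failed password for root from 198.51.100.7 port 51522 ssh2
Nov 12 06:05:09 mail kernel: eth0: link down
EOF
}

demo() {
    f=$(mktemp) && sample_ignore > "$f" && sample_log | unknown_entries "$f"
    rm -f "$f"
}
demo
```

Each line of the output is a candidate for either a new ignore pattern or a closer look; re-running after every addition shrinks the report until only the genuinely unexpected remains.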
This archive was generated by hypermail 2b30 : Thu Nov 13 2003 - 09:00:30 PST