Syslog monitoring
Ideally I'd like to specify a list of regular expressions of stuff to ignore and get told about everything else once a day.
4 Replies
@encode:
Admittedly I only monitor a few Linux machines, but I find Logwatch to be quite effective.
Basically it parses the syslog data into a report, and emails it to a specified email address.
I guess reading 50 of those would quickly become tedious though, so it's probably not too much benefit in your situation.
I looked at logwatch but didn't see how to make it do what I want. The problem seems to be that I don't know what I'm looking for, only what should be ignored.
@irgeek:
If the hosts are all on the same LAN (or all have very good Internet connectivity) you can have syslog on each host forward entries to a central monitoring host. You can then set up that central monitoring host to do daily log rotations and have a post-rotate script that parses the previous day's logs and emails you the results. The script to do the parsing should be pretty easy to write.
At least, that's how I'd do it.
–James
And
grep -v -f regexlist centrallogfile
might work as the script
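
The approach suggested in the replies above (central log, ignore list, `grep -v -f`), as an added example that is not part of the original posts. The file names `ignore.regex` and `central.log`, the function names, the traditional syslog timestamp layout and the sample log lines are all assumptions constructed for illustration; the example also covers the case where a blank line in the ignore list would make `grep -v -f` suppress every line.

```shell
# Added example, not from the thread. File names and report layout are assumptions.

# clean_patterns FILE: print usable patterns, dropping '#' comments and blank lines.
# A blank line given to `grep -f` matches every line, so -v would hide the whole log.
clean_patterns() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# filter_unignored PATTERNS LOG: print LOG lines that match no ignore pattern.
filter_unignored() {
    pats=$(mktemp) || return 1
    clean_patterns "$1" > "$pats"
    rc=0
    if [ -s "$pats" ]; then
        grep -E -v -f "$pats" "$2" || rc=$?
    else
        cat "$2" || rc=2           # empty ignore list: report everything
    fi
    rm -f "$pats"
    [ "$rc" -le 1 ]                # grep exit 1 = nothing left = quiet day
}

# summarize: drop the "Mon DD HH:MM:SS" stamp (traditional syslog format
# assumed) and PIDs, then count identical host+message lines, busiest first.
summarize() {
    sed -E -e 's/^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} //' -e 's/\[[0-9]+\]:/:/' |
        sort | uniq -c | sort -rn
}

# make_sample DIR: write constructed sample files (not real logs) into DIR.
make_sample() {
    cat > "$1/ignore.regex" <<'EOF'
# routine cron noise; the blank line below is deliberate

CRON\[[0-9]+\]: \(root\) CMD
EOF
    cat > "$1/central.log" <<'EOF'
Mar  3 04:12:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 04:12:07 web1 sshd[2301]: Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2
Mar  3 04:13:30 db1 kernel: Out of memory: Killed process 4242 (mysqld)
Mar  3 04:15:02 web1 sshd[2317]: Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2
Mar  3 04:17:01 db1 CRON[911]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo run on the sample; a post-rotate hook would pipe this into a mailer.
demo=$(mktemp -d) && make_sample "$demo" &&
    filter_unignored "$demo/ignore.regex" "$demo/central.log" | summarize
rm -rf "$demo"
```

A missing or empty ignore list fails open: every line is reported rather than none, which is the safer direction for a monitoring job.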