chaos
August 24th, 2003, 19:24
Hi

I have a question about logfiles. Which logfile analyser are you guys using? I'm thinking about logsentry or equal that mails interesting stuff to you so you don't have to manually go through the logfiles.

What about syslog configuration and log rotation? Does this have to be customized?

Hope you can point me in the right direction. References, guides, howtos, hints, advice or equal would be appreciated.

frisco
August 24th, 2003, 19:58
I have a question about logfiles. Which logfile analyser are you guys using? I'm thinking about logsentry or equal that mails interesting stuff to you so you don't have to manually go through the logfiles.


I think i use a customized perl script to do this. It's based off of some other perl script whose name i can't remember - maybe swatch? I ssh to one of my syslog servers and run that script on /var/adm/messages and it prints out all the important messages to a dedicated monitor, plus there's another script that pages us with the real important ones.


What about syslog configuration and log rotation? Does this have to be customized?


It depends on the server. For my main syslog servers (the ones all the other machines log to), i put everything in /var/log/messages and run a script that constantly parses that into separate dirs and files. For other servers, i only add the lines to also log to the syslog servers. For log rotation, it depends on the server and how hammered the logfiles get. For some it's every hour, keeping 1 week's worth; for others it's the default. If you log everything, pflog can quickly eat through 20 gigs of disk space; if you run a busy webserver, so can apache; maillogs get hammered during worm crises, etc etc.



Hope you can point me in the right direction. References, guides, howtos, hints, advice or equal would be appreciated.

Be sure to read syslog.conf(5), newsyslog(8), and the manpages referenced from there.

The way you handle your logs will really be dependent on the purpose of the server. What kind of server are we talking about?
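
An added example (not frisco's script, and not swatch or logsentry code) of the two-tier triage described in the post above: lines from a central syslog file are sorted into "ignore", "show" (the monitor) and "page". The rules, host names and sample log lines are constructed, and it assumes the classic BSD syslog line layout; anything that matches no rule or cannot be parsed is shown rather than dropped.

```python
import re
from collections import defaultdict

# Classic BSD syslog line: "Aug 24 19:24:01 host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)

# Constructed rules, first match wins: (action, program regex, message regex).
# An empty program regex matches any program.
RULES = [
    ("ignore", r"^cron$", r"CMD"),
    ("page", r"^sshd$", r"(?i)failed password for root\b"),
    ("page", r"", r"(?i)file system full|panic"),
]

# Constructed sample input (192.0.2.0/24 is a documentation range).
SAMPLE = [
    "Aug 24 19:20:01 web1 cron[812]: (root) CMD (/usr/libexec/atrun)",
    "Aug 24 19:21:13 web1 sshd[2201]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Aug 24 19:21:40 web1 sshd[2203]: Failed password for invalid user bob from 192.0.2.10 port 4025 ssh2",
    "Aug 24 19:22:02 mail1 sendmail[911]: ruleset=check_rcpt, reject=550 5.7.1 Relaying denied",
    "Aug 24 19:23:55 web1 /bsd: uid 1003 on /home: file system full",
    "garbage line without a syslog header",
]


def triage(lines, rules=RULES):
    """Return {action: [(host, prog, msg), ...]}; unmatched lines go to 'show'."""
    out = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            # Never silently drop a line we cannot parse.
            out["show"].append(("?", "?", line))
            continue
        host, prog, msg = m["host"], m["prog"], m["msg"]
        action = next((a for a, p, r in rules
                       if re.search(p, prog) and re.search(r, msg)), "show")
        out[action].append((host, prog, msg))
    return out


if __name__ == "__main__":
    for action, entries in triage(SAMPLE).items():
        for host, prog, msg in entries:
            print(f"{action:6} {host:6} {prog:9} {msg}")
```

Defaulting unmatched lines to "show" means a new kind of message appears on the monitor until someone writes an ignore rule for it, which is the safer failure mode for a server with shell users.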

chaos
August 25th, 2003, 09:35
I think i use a customized perl script to do this. It's based off of some other perl script whose name i can't remember - maybe swatch? I ssh to one of my syslog servers and run that script on /var/adm/messages and it prints out all the important messages to a dedicated monitor, plus there's another script that pages us with the real important ones.
Would it be possible to see these scripts for inspiration?

The way you handle your logs will really be dependent on the purpose of the server. What kind of server are we talking about?
It is a web and mail-server. Moreover some friends have a shell account on this server. They use it for IRC, reading mail and stuff like that.