Given my experience in Linux is limited currently, what do you guys use to monitor logs such as 'messages' on your centos servers? I had a hardware failure that happened in between me manually looking (of course...). I would hope it might have some features to email critical issues etc...
Thanks! jlc
On Mon, Jan 07, 2008, Joseph L. Casale wrote:
> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as `messages' on your centos servers? I had a hardware failure that happened in between me manually looking (of course...). I would hope it might have some features to email critical issues etc...

We use swatch to monitor various things, mainly security related.
Bill -- INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
Rights is a fictional abstraction. No one has ``Rights'', neither machines nor flesh-and-blood. Persons... have opportunities, not rights, which they use or do not use. -- Lazarus Long
Bill Campbell wrote:
>> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as `messages' on your centos servers? I had a hardware failure that happened in between me manually looking (of course...). I would hope it might have some features to email critical issues etc...
> We use swatch to monitor various things, mainly security related.

Did you have to do something to it to make it work with centos? I have one running on a machine that collects a lot of router syslogs and it has the annoying habit of resending a bunch of old notifications whenever a new one is noticed.
On Mon, Jan 07, 2008, Les Mikesell wrote:
> Bill Campbell wrote:
>>> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as `messages' on your centos servers? I had a hardware failure that happened in between me manually looking (of course...). I would hope it might have some features to email critical issues etc...
>> We use swatch to monitor various things, mainly security related.
> Did you have to do something to it to make it work with centos? I have one running on a machine that collects a lot of router syslogs and it has the annoying habit of resending a bunch of old notifications whenever a new one is noticed.

Not really. Swatch is pretty straightforward perl, using gnu-tail to watch the end of log file(s). The only issue I've seen is that it will sometimes report old things on occasion when starting if there are matching entries near the end of the files.
One place where I used this is on an openldap server that would occasionally get into a ``too many open files'' situation, and swatch would call a routine that restarted slapd when this happened.
Bill
Joseph L. Casale wrote:
> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as ‘messages’ on your centos servers? I had a hardware failure that happened in between me manually looking (of course…). I would hope it might have some features to email critical issues etc…

Depends on if you're monitoring just one server or a bunch.
I'd google for these things:
LogWatch
epylog
big sister
oak
Then there's various things that read syslog and can read reports for you. Google around for things like syslog-ng, nagios, zenoss, whatnot, if you're looking at larger scope.
Jed
Joseph L. Casale wrote:
> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as ‘messages’ on your centos servers? I had a hardware failure that happened in between me manually looking (of course…). I would hope it might have some features to email critical issues etc…

logwatch is a good start.
Get the latest version from www.logwatch.org. Runs automatically daily and sends output to root.
On Tue, Jan 08, 2008, Ugo Bellavance wrote:
> Joseph L. Casale wrote:
>> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as ‘messages’ on your centos servers? I had a hardware failure that happened in between me manually looking (of course…). I would hope it might have some features to email critical issues etc…
> logwatch is a good start.
> Get the latest version from www.logwatch.org. Runs automatically daily and sends output to root.

Isn't logwatch standard in CentOS installations?
Swatch monitors one or more log files in real time, with options to report events immediately, or after some number of repetitions in a specified time period (e.g. report immediately if a network interface goes into promiscuous mode, but only report something else if there are ``n'' occurrences within a minute).
I've attached the swatchrc configuration file from this machine which has several examples.
Bill
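The two reporting modes described in the message above (alert on the first match, or only after n matches inside a time window), sketched in Python as an added example. This is not swatch and not the attached swatchrc; the rule names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical rules: (name, pattern, matches required, window in seconds).
RULES = [
    ("promisc", re.compile(r"entered promiscuous mode"), 1, 0),    # report at once
    ("auth-fail", re.compile(r"authentication failure"), 3, 60),   # 3 within a minute
]

# Constructed sample in classic syslog format (the timestamp carries no year).
SAMPLE = """\
Jan  8 10:00:01 host1 sshd[411]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7
Jan  8 10:00:20 host1 kernel: device eth0 entered promiscuous mode
Jan  8 10:00:30 host1 sshd[415]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7
Jan  8 10:02:00 host1 sshd[420]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7
Jan  8 10:02:10 host1 sshd[421]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7
Jan  8 10:02:40 host1 sshd[422]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7
Jan  8 10:30:00 host1 sshd[500]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.9
"""


def scan(lines, rules=RULES, year=2008):
    """Return (rule, time, hits) for every alert the rules would raise."""
    recent = defaultdict(deque)  # rule name -> match times still inside the window
    alerts = []
    for line in lines:
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # blank or non-syslog line: skip instead of crashing
        for name, pattern, needed, window in rules:
            if not pattern.search(line):
                continue
            hits = recent[name]
            hits.append(ts)
            while (ts - hits[0]).total_seconds() > window:
                hits.popleft()  # forget matches older than the window
            if len(hits) >= needed:
                alerts.append((name, ts.strftime("%H:%M:%S"), len(hits)))
                hits.clear()  # one burst produces one alert, not one per line
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE.splitlines()):
        print(alert)
```

Seven matching lines produce two alerts here; the isolated failures at 10:00 and 10:30 never reach the threshold, which is what keeps a windowed rule from flooding a mailbox.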
Bill Campbell wrote:
> On Tue, Jan 08, 2008, Ugo Bellavance wrote:
>> Joseph L. Casale wrote:
>>> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as ‘messages’ on your centos servers? I had a hardware failure that happened in between me manually looking (of course…). I would hope it might have some features to email critical issues etc…
>> logwatch is a good start.
>> Get the latest version from www.logwatch.org. Runs automatically daily and sends output to root.
> Isn't logwatch standard in CentOS installations?

Yes, but an outdated version.

> Swatch monitors one or more log files in real time, with options to report events immediately, or after some number of repetitions in a specified time period (e.g. report immediately if a network interface goes into promiscuous mode, but only report something else if there are ``n'' occurrences within a minute).
> I've attached the swatchrc configuration file from this machine which has several examples.

Thanks, I tried it once, but got swamped with e-mails. I'll give it another try. Is it good with big log files? I tried the check_log plugin for nagios, but it generated way too much I/O and timed out most of the time.
Regards,
Ugo
Ugo Bellavance wrote:
> Bill Campbell wrote:
>> On Tue, Jan 08, 2008, Ugo Bellavance wrote:
>>> Joseph L. Casale wrote:
>>>> Given my experience in Linux is limited currently, what do you guys use to monitor logs such as ‘messages’ on your centos servers? I had a hardware failure that happened in between me manually looking (of course…). I would hope it might have some features to email critical issues etc…
>>> logwatch is a good start.
>>> Get the latest version from www.logwatch.org. Runs automatically daily and sends output to root.
>> Isn't logwatch standard in CentOS installations?
> Yes, but an outdated version.
>> Swatch monitors one or more log files in real time, with options to report events immediately, or after some number of repetitions in a specified time period (e.g. report immediately if a network interface goes into promiscuous mode, but only report something else if there are ``n'' occurrences within a minute).
>> I've attached the swatchrc configuration file from this machine which has several examples.
> Thanks, I tried it once, but got swamped with e-mails. I'll give it another try. Is it good with big log files? I tried the check_log plugin for nagios, but it generated way too much I/O and timed out most of the time.

I don't know if this was fixed, but it concatenates many log files before passing them to individual parsers. So you'd better move processed log files to a place where it doesn't find them...