Hello,
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
For example, if I see a message "foo" in /var/log/kern I would like to email myself.
Any idea how to do this? Has anyone done this before?
TIA
On 2008-08-29 13:19, Mag Gam wrote:
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
For example, if I see a message "foo" in /var/log/kern I would like to email myself.
I use "monit" for that (and other things). Easy to set up, very reliable.
Available from rpmforge:
yum --enable=rpmforge install monit
Have you heard of http://www.ossec.net/?
It would do what you like and more. You configure which logs you want watched and who should be emailed/texted/paged according to various levels of criticality.
I believe you can have it email you for custom log-events; although it will notice many common failure messages and other anomalies automatically - so many I haven't needed to modify much.
I'm not sure if CentOS provides packages w/ similar functionality or not.
Jeremiah
On 29 Aug 2008, at 04:19, Mag Gam wrote:
Hello,
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
For example, if I see a message "foo" in /var/log/kern I would like to email myself.
Any idea how to do this? Has anyone done this before?
TIA
Oh, so syslog-ng probably isn't the right tool for the job?
I can use these tools to monitor my /var/log/kern ?
Also, thanks for all the responses!
On Fri, Aug 29, 2008 at 7:36 AM, Jeremiah Heller jeremiah@itmustbe.com wrote:
Have you heard of http://www.ossec.net/?
It would do what you like and more. You configure which logs you want watched and who should be emailed/texted/paged according to various levels of criticality.
I believe you can have it email you for custom log-events; although it will notice many common failure messages and other anomalies automatically - so many I haven't needed to modify much.
I'm not sure if CentOS provides packages w/ similar functionality or not.
Jeremiah
On 29 Aug 2008, at 04:19, Mag Gam wrote:
Hello,
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
For example, if I see a message "foo" in /var/log/kern I would like to email myself.
Any idea how to do this? Has anyone done this before?
TIA
On 29 Aug 2008, at 05:04, Mag Gam wrote:
Oh, so syslog-ng probably isn't the right tool for the job?
I'm not sure, I'm not familiar with syslog-ng... or what all the job entails.
I can use these tools to monitor my /var/log/kern ?
You can use OSSEC to monitor any or all logs. It takes a few options to let it know the type of logfile (apache, syslog, nmap, etc.) and its location but that's about it.
Also, thanks for all the responses!
Sure, though we should probably stop top-posting afore someone gets cranky=}
Have fun!
On Fri, Aug 29, 2008 at 5:56 AM, Jeremiah Heller jeremiah@itmustbe.com wrote:
Sure, though we should probably stop top-posting afore someone gets cranky=}
YEAH!
;^)
mhr
On 8/29/08, Mag Gam magawake@gmail.com wrote:
Hello,
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
Check out SWATCH: http://swatch.sourceforge.net/
Best, -at
On Fri, 2008-08-29 at 11:00 -0700, Aleksey Tsalolikhin wrote:
On 8/29/08, Mag Gam magawake@gmail.com wrote:
Hello,
I know CentOS does not use syslog-ng, but I have installed it at my university. My intention is if a particular string appears in my /var/log/messages I would like to get an email alert.
Check out SWATCH: http://swatch.sourceforge.net/
Expanding on that, here is a way that I know works in CentOS 5:
In syslog-ng.conf add the following or similar 'destination':
destination d_swatch {
    program("/usr/bin/swatch --config-file=/etc/swatch.conf --script-dir=/var/run/swatch --read-pipe=\"cat /dev/fd/0\"");
};
I got that from http://www.campin.net/syslog-ng/faq.html a long time ago.
--Tim
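
Added example, not part of the thread or of any project mentioned in it: a small stand-in for the program that a syslog-ng program() destination feeds on stdin, showing the match, throttle and mail steps the question asks for. The names ALERT_PATTERN, ALERT_TO, ALERT_INTERVAL, MAILER, send_alert and watch_stream are assumptions, as is a mailx-style `mail -s SUBJECT RECIPIENT` command.

```shell
#!/bin/sh
# Added example: stdin-driven log alerter (all names here are assumptions).
ALERT_PATTERN=${ALERT_PATTERN:-foo}     # literal string to look for
ALERT_TO=${ALERT_TO:-root}              # recipient (a local account here)
ALERT_INTERVAL=${ALERT_INTERVAL:-300}   # minimum seconds between mails
MAILER=${MAILER:-mail}                  # mailx-style: mail -s SUBJECT RCPT

send_alert() {
    # Log text is attacker-influenced: it goes only into the body via stdin,
    # never into the subject or the command line. Non-printable bytes are
    # dropped and the line is indented so it cannot begin with mailx's '~'.
    printf '  %s\n' "$1" | LC_ALL=C tr -cd '[:print:]\n' |
        "$MAILER" -s "log alert: '$ALERT_PATTERN' seen on $(hostname)" "$ALERT_TO"
}

watch_stream() {
    last=0 sent=0 suppressed=0
    while IFS= read -r line; do
        case $line in
            *"$ALERT_PATTERN"*) ;;      # quoted: matched literally, not as a glob
            *) continue ;;
        esac
        now=$(date +%s)
        if [ $((now - last)) -ge "$ALERT_INTERVAL" ]; then
            # First match mails at once; later ones wait out the interval.
            send_alert "$line (suppressed since last mail: $suppressed)"
            last=$now sent=$((sent + 1)) suppressed=0
        else
            suppressed=$((suppressed + 1))
        fi
    done
    echo "sent=$sent suppressed=$suppressed"   # summary once stdin closes
}

# syslog-ng starts the program once and writes each message to its stdin.
if [ "${1:-}" = "--run" ]; then
    watch_stream
fi
```

To use it, point the program() destination at this script with the --run argument in place of the swatch command line; the install path is yours to choose.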