[CentOS] Max FIFO buffer size - Log Reporting
Sean O'Connell
oconnell at soe.ucsd.edu
Tue Apr 26 03:52:56 UTC 2005
On Mon, 2005-04-25 at 23:21 -0400, Shawn M. Jones wrote:
> Lee W wrote:
>
> > Hi Everyone,
> >
> > I need to be able to create a summary report of all relevant syslog
> > entries that is then emailed weekly.
> >
> > The idea I have for this is to pipe the syslog entries (logged from
> > many hosts UNIX-Like and Windows) out to a named pipe (say
> > /var/log/logpipe) that is then read periodically by a perl script
> > started from cron.
> >
> > The perl script then filters the log entries (probably using regular
> > expressions) and takes the appropriate action based on the severity of
> > the error (i.e. log to summary file, or immediately email admin).
> >
> > My main concern is that if a lot of entries get logged the FIFO buffer
> > may overload therefore losing entries.
> >
> > Does anyone know what the size of the FIFO buffer is (or how it can be
> > configured) or maybe there is a better way to do something like what
> > I'm trying?
>
> This doesn't exactly answer your question, but have you checked out the
> logcheck package that's part of the Abacus Project tool set? It does
> not come with CentOS, but logcheck had some nice regex matching
> capabilities at one time. Essentially it would mail anomalous syslog
> entries to the admin every hour/day/week/etc. as a cron job. It also
> requires the logtail package.
>
> More info can be found at http://logcheck.org/
>
> There is also Logwatch Consolidator, which supposedly combines multiple
> logwatch emails into a single one which can be mailed.
>
> http://freshmeat.net/projects/lc/
>
> I know about these from my Debian days. There did not appear to be a
> logwatch package for woody, and it was the next thing.
>
> The reports were a little bit too verbose for me. I prefer the
> organization that logwatch provides on a daily basis, but I figured
> maybe you can use their code as a starting place to do some hacking,
> rather than rewriting everything yourself.
I'll toss a plug in for epylog -- http://linux.duke.edu/projects/epylog/
It's really nice on a central syslog server. It gives you the option of
having the reports generated as either a web page or as an email or
both. I have it set up to run a daily analysis which sends a reminder
notice and one that runs every 4 hours with no notification. I have
disabled email reports (get too much system email as it is :). The nice
thing about epylog is the powerful extensions to the existing canned
warnings (notice_local.xml and weed_local.cf) to generate reports and
filter out noise.
Sean
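
The concern in the original question (entries lost when a FIFO fills between reader runs) can be measured directly; the sketch below is an added example, not code from anyone in this thread. It is Linux-only, assumes the log writer opens the pipe non-blocking, and uses a constructed temporary path and a constructed sample entry in place of /var/log/logpipe.

```python
import fcntl
import os
import tempfile

# Linux-specific fcntl command; 1032 is its numeric value, used if this Python lacks the name.
F_GETPIPE_SZ = getattr(fcntl, "F_GETPIPE_SZ", 1032)

# Constructed sample entry, padded to exactly 64 bytes including the newline.
SAMPLE = b"<11>Apr 26 03:52:56 host1 app[123]: constructed error entry".ljust(63, b".") + b"\n"


def fill_fifo(line=SAMPLE, attempts=20000):
    """Write `line` to a FIFO nobody is draining, then drain it once.

    Returns (capacity_bytes, accepted, refused, drained_lines).
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "logpipe")  # stand-in for the real pipe path
        os.mkfifo(path, 0o600)               # owner-only: log data is sensitive
        # Open the read end first; O_NONBLOCK lets it return with no writer yet.
        rfd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
        wfd = os.open(path, os.O_WRONLY | os.O_NONBLOCK)
        try:
            capacity = fcntl.fcntl(wfd, F_GETPIPE_SZ)  # kernel buffer size in bytes
            accepted = refused = 0
            for _ in range(attempts):
                try:
                    os.write(wfd, line)      # writes <= PIPE_BUF are all-or-nothing
                    accepted += 1
                except BlockingIOError:      # EAGAIN: buffer full, entry is lost
                    refused += 1
            # The periodic reader finally runs and takes whatever survived.
            data = b""
            while True:
                try:
                    chunk = os.read(rfd, 65536)
                except BlockingIOError:      # pipe empty, writer still attached
                    break
                if not chunk:
                    break
                data += chunk
            return capacity, accepted, refused, data.count(b"\n")
        finally:
            os.close(rfd)
            os.close(wfd)


if __name__ == "__main__":
    cap, ok, lost, read_back = fill_fifo()
    print(f"capacity={cap}B accepted={ok} lost={lost} read_back={read_back}")
```

Anything counted as lost never reaches the reader, so a reader started from cron sees only what fit in the kernel buffer since its last run.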