[CentOS] Max FIFO buffer size - Log Reporting

Tue Apr 26 03:21:48 UTC 2005
Shawn M. Jones <smj at littleprojects.org>

Lee W wrote:

> Hi Everyone,
>
> I need to be able to create a summary report of all relevant syslog 
> entries that is then emailed weekly.
>
> The idea I have for this is to pipe the syslog entries (logged from 
> many hosts UNIX-Like and Windows) out to a named pipe (say 
> /var/log/logpipe) that is then read periodically by a perl script 
> started from cron.
>
> The perl script then filters the log entries (probably using regular 
> expressions) and takes the appropriate action based on the severity of 
> the error (i.e. log to summary file, or immediately email admin).
>
> My main concern is that if a lot of entries get logged the FIFO buffer 
> may overload therefore losing entries.
>
> Does anyone know what the size of the FIFO buffer is (or how it can be 
> configured) or maybe there is a better way to do something like what 
> I'm trying.

This doesn't exactly answer your question, but have you checked out the 
logcheck package that's part of the Abacus Project tool set?  It does 
not come with CentOS, but logcheck had some nice regex matching 
capabilities at one time.  Essentially it would mail anomalous syslog 
entries to the admin every hour/day/week/etc. as a cron job.  It also 
requires the logtail package.

More info can be found at http://logcheck.org/

There is also Logwatch Consolidator, which supposedly combines multiple 
logwatch emails into a single one which can be mailed.

http://freshmeat.net/projects/lc/

I know about these from my Debian days.  There did not appear to be a 
logwatch package for woody, and it was the next thing.

The reports were a little bit too verbose for me.  I prefer the 
organization that logwatch provides on a daily basis, but I figured 
maybe you can use their code as a starting place to do some hacking, 
rather than rewriting everything yourself.

Good luck,

Shawn M. Jones
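
Added example (not part of the original message, and not logcheck or logtail code): a cron-friendly sketch of the approach discussed in this thread. It reads a regular syslog file from a saved offset instead of a FIFO, so entries logged between runs stay on disk until read, then sorts them by regex into "mail now" and "weekly summary". The patterns, paths and function names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Constructed patterns for illustration; tune per site.
ALERT = [re.compile(p) for p in (
    r"(?i)authentication failure", r"(?i)\bpanic\b", r"(?i)I/O error")]
IGNORE = [re.compile(p) for p in (
    r"CRON\[\d+\]: \(root\) CMD", r"session (opened|closed) for user")]

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the previous call."""
    st = os.stat(log_path)
    inode, offset = 0, 0
    if os.path.exists(state_path):
        with open(state_path) as f:
            inode, offset = (int(x) for x in f.read().split())
    # Rotated (different inode) or truncated (file shorter than offset): restart at 0.
    if inode != st.st_ino or offset > st.st_size:
        offset = 0
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    # Consume only whole lines; a half-written last line is picked up next run.
    end = data.rfind(b"\n") + 1
    with open(state_path, "w") as f:
        f.write(f"{st.st_ino} {offset + end}")
    return data[:end].decode("utf-8", "replace").splitlines()

def triage(lines):
    """Split lines into (alert_now, weekly_summary); IGNORE matches are dropped."""
    alert, summary = [], []
    for line in lines:
        if any(p.search(line) for p in ALERT):
            alert.append(line)
        elif not any(p.search(line) for p in IGNORE):
            summary.append(line)  # unmatched lines count as anomalous
    return alert, summary

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "messages"), os.path.join(d, "offset")
    with open(log, "w") as f:  # constructed sample entries
        f.write("Apr 26 03:00:01 web1 CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)\n"
                "Apr 26 03:02:10 web1 sshd[911]: authentication failure; rhost=192.0.2.7\n"
                "Apr 26 03:05:44 db1 kernel: eth0: link up\n")
    print(triage(read_new_lines(log, state)))
```

Lines matching neither list land in the summary, so a new kind of message is reported rather than silently dropped.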