On Mon, 2005-04-25 at 23:21 -0400, Shawn M. Jones wrote:
> Lee W wrote:
>
> > Hi Everyone,
> >
> > I need to be able to create a summary report of all relevant syslog
> > entries that is then emailed weekly.
> >
> > The idea I have for this is to pipe the syslog entries (logged from
> > many hosts UNIX-Like and Windows) out to a named pipe (say
> > /var/log/logpipe) that is then read periodically by a perl script
> > started from cron.
> >
> > The perl script then filters the log entries (probably using regular
> > expressions) and takes the appropriate action based on the severity of
> > the error (i.e. log to summary file, or immediately email admin).
> >
> > My main concern is that if a lot of entries get logged the FIFO buffer
> > may overload therefore losing entries.
> >
> > Does anyone know what the size of the FIFO buffer is (or how it can be
> > configured) or maybe there is a better way to do something like what
> > I'm trying.
>
> This doesn't exactly answer your question, but have you checked out the
> logcheck package that's part of the Abacus Project tool set? It does
> not come with CentOS, but logcheck had some nice regex matching
> capabilities at one time. Essentially it would mail anomalous syslog
> entries to the admin every hour/day/week/etc. as a cron job. It also
> requires the logtail package.
>
> More info can be found at http://logcheck.org/
>
> There is also Logwatch Consolidator, which supposedly combines multiple
> logwatch emails into a single one which can be mailed.
>
> http://freshmeat.net/projects/lc/
>
> I know about these from my Debian days. There did not appear to be a
> logwatch package for woody, and it was the next thing.
>
> The reports were a little bit too verbose for me. I prefer the
> organization that logwatch provides on a daily basis, but I figured
> maybe you can use their code as a starting place to do some hacking,
> rather than rewriting everything yourself.

I'll toss a plug in for epylog -- http://linux.duke.edu/projects/epylog/

It's really nice on a central syslog server. It gives you the option of
having the reports generated as either a web page or as an email or both.
I have it set up to run a daily analysis which sends a reminder notice and
one that runs every 4 hours with no notification. I have disabled email
reports (get too much system email as it is :).

The nice thing about epylog is the powerful extensions to the existing
canned warnings (notice_local.xml and weed_local.cf) to generate reports
and filter out noise.

Sean
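
The cron-driven filtering discussed in this thread, as an added example that is not part of the original messages and is not code from logcheck, logwatch or epylog: it assumes syslog writes to a regular file and resumes from a saved byte offset on each run, so nothing depends on FIFO buffer size. The patterns, file names and function names are constructed for illustration.

```python
import os
import re
from collections import Counter

# Constructed patterns for illustration; replace with rules for your own hosts.
URGENT = [re.compile(p) for p in (r"kernel: .*Out of memory",
                                  r"sshd\[\d+\]: .*Failed password for root")]
NOISE = [re.compile(p) for p in (r"CRON\[\d+\]: ", r"-- MARK --")]
# Classic BSD syslog line: "Apr 25 23:21:01 host tag[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<tag>[^:\[\s]+)")


def read_new_lines(log_path, state_path):
    """Return complete lines appended to log_path since the previous call."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    if offset > os.path.getsize(log_path):
        # File is shorter than the saved offset: rotated or truncated.
        # Size-only check; comparing inodes as well would catch more cases.
        offset = 0
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    # Leave a trailing partial line (writer mid-entry) for the next run.
    end = data.rfind(b"\n") + 1
    with open(state_path, "w") as fh:
        fh.write(str(offset + end))
    return data[:end].decode("utf-8", "replace").splitlines()


def triage(lines):
    """Split lines into urgent entries and (host, tag) counts for the summary."""
    urgent, summary = [], Counter()
    for line in lines:
        if any(p.search(line) for p in NOISE):
            continue  # weeded out, never reported
        if any(p.search(line) for p in URGENT):
            urgent.append(line)  # candidate for an immediate email
            continue
        m = LINE.match(line)
        key = (m["host"], m["tag"]) if m else ("unparsed", "unparsed")
        summary[key] += 1
    return urgent, summary
```

Entries that match neither list are counted rather than dropped, so a new kind of message still shows up in the weekly summary.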