[CentOS] Re: Log Monitoring Recomendation
Ugo Bellavance
ugob at lubik.ca
Wed Jan 9 19:20:17 UTC 2008
Bill Campbell wrote:
> On Tue, Jan 08, 2008, Ugo Bellavance wrote:
>> Joseph L. Casale wrote:
>>> Given my experience in Linux is limited currently, what do you guys use
>>> to monitor logs such as ?messages? on your centos servers? I had a
>>> hardware failure that happened in between me manually looking (of
>>> course?). I would hope it might have a some features to email critical
>>> issues etc?
>> logwatch is a good start.
>>
>> Get the latest version from www.logwatch.org. Runs automatically daily
>> and sends output to root.
>
> Isn't logwatch standard in CentOS installations?
Yes, but an outdated version.
> Swatch monitors one or more log files in real time, with options
> to report events immediately, or after some number of repeations
> in a specified time period (e.g. report immediately if a network
> interface goes into permiscuous mode, but only report something
> else if there are ``n'' occurrences within a minute).
>
> I've attached the swatchrc configuration file from this machine
> which has several examples.
Thanks, I tried it once, but got swamped with e-mails. I'll give it
another try. Is it good with big log files? I tried the check_log
plugin for nagios, but it generated way too much I/O and timed out most
of the time.
Regards,
Ugo
More information about the CentOS
mailing list