On Mon, Jan 07, 2008, Les Mikesell wrote: >Bill Campbell wrote: > >>> Given my experience in Linux is limited currently, what do you guys >>> use to monitor logs such as `messages' on your centos servers? I had a >>> hardware failure that happened in between me manually looking (of >>> course...). I would hope it might have a some features to email >>> critical issues etc... >> >>We use swatch to monitor various things, mainly security related. >> > >Did you have to do something to it to make it work with centos? I have >one running on a machine that collects a lot of router syslogs and it >has the annoying habit of resending a bunch of old notifications >whenever a new one is noticed. Not really. Swatch is pretty straightforward perl, using gnu-tail to watch the end of log file(s). The only issue I've seen is that it will sometimes report old things on occassion when starting if there are matching entries near the end of the files. One place where I used this is on an openldap server that would occassionally get into a ``too many open files'' situation, and swatch would call a routine that restarted slapd when this happened. Bill -- INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 Capitalism works primarily because most of the ways that a company can be scum end up being extremely bad for business when there's working competition. -rra