Bill Campbell wrote:
> On Tue, Jan 08, 2008, Ugo Bellavance wrote:
>> Joseph L. Casale wrote:
>>> Given my experience in Linux is limited currently, what do you guys use
>>> to monitor logs such as "messages" on your centos servers? I had a
>>> hardware failure that happened in between me manually looking (of
>>> course...). I would hope it might have some features to email critical
>>> issues etc?
>> logwatch is a good start.
>>
>> Get the latest version from www.logwatch.org. Runs automatically daily
>> and sends output to root.
>
> Isn't logwatch standard in CentOS installations?

Yes, but an outdated version.

> Swatch monitors one or more log files in real time, with options
> to report events immediately, or after some number of repetitions
> in a specified time period (e.g. report immediately if a network
> interface goes into promiscuous mode, but only report something
> else if there are ``n'' occurrences within a minute).
>
> I've attached the swatchrc configuration file from this machine
> which has several examples.

Thanks, I tried it once, but got swamped with e-mails. I'll give it another try. Is it good with big log files? I tried the check_log plugin for nagios, but it generated way too much I/O and timed out most of the time.

Regards,

Ugo
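The two reporting modes described in the quoted swatch paragraph (alert at once on a promiscuous-mode message, alert on other events only after n occurrences inside a time window), as an added example that is not part of the thread and is not swatch's own code or configuration syntax. The rule names, thresholds, assumed year and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines (not taken from the thread).
SAMPLE = """\
Jan  8 10:00:01 host1 kernel: device eth0 entered promiscuous mode
Jan  8 10:00:05 host1 sshd[311]: Failed password for root from 192.0.2.7 port 4022 ssh2
Jan  8 10:00:20 host1 sshd[312]: Failed password for root from 192.0.2.7 port 4023 ssh2
Jan  8 10:00:40 host1 sshd[313]: Failed password for root from 192.0.2.7 port 4024 ssh2
Jan  8 10:01:10 host1 crond[400]: (root) CMD (run-parts /etc/cron.hourly)
Jan  8 10:03:00 host1 sshd[314]: Failed password for root from 192.0.2.7 port 4025 ssh2
Jan  8 10:05:00 host1 sshd[315]: Failed password for root from 192.0.2.7 port 4026 ssh2
""".splitlines()

# (name, pattern, count, seconds). count=1 means "report immediately".
RULES = [
    ("promisc", re.compile(r"entered promiscuous mode"), 1, 0),
    ("ssh-fail", re.compile(r"Failed password"), 3, 60),
]

def parse_ts(line, year=2008):
    # Classic syslog timestamps carry no year, so the year is an assumption.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def scan(lines, rules=RULES):
    """Return a list of (timestamp, rule_name, line) alerts."""
    recent = defaultdict(deque)   # rule name -> timestamps inside its window
    alerts = []
    for line in lines:
        ts = parse_ts(line)
        for name, pattern, count, seconds in rules:
            if not pattern.search(line):
                continue
            window = recent[name]
            window.append(ts)
            # Drop matches that have aged out of the sliding window.
            while (ts - window[0]).total_seconds() > seconds:
                window.popleft()
            if len(window) >= count:
                alerts.append((ts, name, line))
                window.clear()    # one alert per burst, not one per line
    return alerts

if __name__ == "__main__":
    for ts, name, line in scan(SAMPLE):
        print(f"ALERT [{name}] {ts:%H:%M:%S} {line}")
```

Six of the seven sample lines match a rule but only two alerts are produced, which is the difference between a thresholded rule and one e-mail per matching line.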