Ugo Bellavance wrote:
> Bill Campbell wrote:
>> On Tue, Jan 08, 2008, Ugo Bellavance wrote:
>>> Joseph L. Casale wrote:
>>>> Given my experience in Linux is limited currently, what do you guys
>>>> use to monitor logs such as "messages" on your centos servers? I had
>>>> a hardware failure that happened in between me manually looking (of
>>>> course?). I would hope it might have some features to email
>>>> critical issues etc?
>>> logwatch is a good start.
>>>
>>> Get the latest version from www.logwatch.org. Runs automatically
>>> daily and sends output to root.
>>
>> Isn't logwatch standard in CentOS installations?
>
> Yes, but an outdated version.
>
>> Swatch monitors one or more log files in real time, with options
>> to report events immediately, or after some number of repetitions
>> in a specified time period (e.g. report immediately if a network
>> interface goes into promiscuous mode, but only report something
>> else if there are ``n'' occurrences within a minute).
>>
>> I've attached the swatchrc configuration file from this machine
>> which has several examples.
>
> Thanks, I tried it once, but got swamped with e-mails. I'll give it
> another try. Is it good with big log files? I tried the check_log
> plugin for nagios, but it generated way too much I/O and timed out most
> of the time.
>

I don't know if this was fixed, but it concatenates many log files before
passing them to individual parsers. So you'd better move processed log files
to a place where it doesn't find them...
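
The reporting policy described in the thread (report a promiscuous-mode event at once, report other events only after n occurrences inside a time window) can be sketched as follows. This is an added example, not code from any poster and not swatch itself; the rule names, the "authentication failure" pattern, the thresholds and the log lines are all constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime

# Hypothetical rules: (name, pattern, count, window_seconds).
# count=1 reports on the first match; count=n waits for n matches in the window.
RULES = [
    ("promisc", re.compile(r"entered promiscuous mode"), 1, 0),
    ("auth-fail", re.compile(r"authentication failure"), 3, 60),
]

# Constructed sample lines in traditional syslog format (no year field).
SAMPLE = """\
Jan  8 10:00:01 host sshd[411]: authentication failure; user=test
Jan  8 10:00:05 host kernel: device eth0 entered promiscuous mode
Jan  8 10:00:20 host sshd[412]: authentication failure; user=test
Jan  8 10:02:30 host sshd[413]: authentication failure; user=test
Jan  8 10:02:40 host sshd[414]: authentication failure; user=test
Jan  8 10:03:10 host sshd[415]: authentication failure; user=test
Jan  8 10:03:15 host sshd[416]: authentication failure; user=test
""".splitlines()

def parse_time(line, year=2008):
    # Syslog timestamps occupy the first 15 characters: "Mon dd HH:MM:SS".
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def scan(lines, rules=RULES):
    """Return (rule_name, line) for every event that should be reported."""
    recent = {name: deque() for name, *_ in rules}
    alerts = []
    for line in lines:
        ts = parse_time(line)
        for name, pattern, count, window in rules:
            if not pattern.search(line):
                continue
            hits = recent[name]
            hits.append(ts)
            # Drop matches that fell out of the sliding window.
            while (ts - hits[0]).total_seconds() > window:
                hits.popleft()
            if len(hits) >= count:
                alerts.append((name, line))
                hits.clear()  # start counting afresh after reporting
    return alerts

if __name__ == "__main__":
    for name, line in scan(SAMPLE):
        print(f"[{name}] {line}")
```

Clearing the counter after each report is what keeps a noisy source from producing one mail per matching line, the problem mentioned in the thread.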