On Tue, 2005-11-15 at 00:12 -0500, Crayola wrote:
I have used swatch, logchecker, and logwatch in the past against standard OS logs.
Now I have a centralized syslog system where everything is being pumped directly into multiple MySQL databases.
Are there any log analysis tools that can look at syslog data in a MySQL database and send out alerts based on it?
Why not just use swatch or sec and an alternate destination to handle the alerts?
I'd prefer not to send it to two locations. It's already being pumped into a database. I'd rather not pump it to files as well.
You don't pump it to files. Pump it to the program sec. Right now you're using a program to push the log info to the mysql db. Do the same thing but piping it directly to sec. -sv
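
A sketch of the setup suggested in the last reply, added here as an example and not taken from the thread. It assumes syslog-ng is the central daemon (the thread does not say which one is in use); the source and destination names, file paths, rule pattern, threshold values and mail address are all hypothetical.

```conf
# ---- /etc/syslog-ng/syslog-ng.conf (fragment; paths and names are assumptions) ----
# s_net and d_mysql stand for the source and MySQL destination that already exist.

# Second destination: syslog-ng starts sec once and writes every message to its
# standard input, so nothing is written to log files on disk.
destination d_sec {
    program("/usr/bin/sec -conf=/etc/sec/alerts.sec -input=-");
};

# One log path feeding both the database and sec.
log {
    source(s_net);
    destination(d_mysql);
    destination(d_sec);
};

# ---- /etc/sec/alerts.sec (constructed sample rules) ----

# Alert when one address produces 5 failed SSH logins within 60 seconds.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from ([\d.]+)
desc=Repeated SSH login failures from $1
action=pipe '%s' /usr/bin/mail -s 'sec alert' root@localhost
window=60
thresh=5

# Alert on a kernel out-of-memory kill, at most once per 5 minutes.
type=SingleWithSuppress
ptype=RegExp
pattern=kernel: Out of [Mm]emory: Kill(?:ed)? process (\d+)
desc=OOM killer fired (pid $1)
action=pipe '%s' /usr/bin/mail -s 'sec alert' root@localhost
window=300
```

Because sec correlates the live stream in memory, the database stays the store of record and alerting does not depend on polling it.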