hi guys currently i am testing logwatch, logcheck and newlogcheck to generated reports from log files generated by syslog-ng. The log files are generated in the format /var/log/syslog-ng/host1/date1/messages /var/log/syslog-ng/host1/date2/messages /var/log/syslog-ng/host1/date3/messages /var/log/syslog-ng/host2/date1/messages /var/log/syslog-ng/host2/date2/messages * * /var/log/syslog-ng/host*/date*/messages so i played around with logcheck and newlogcheck and it worked fine for single file. According to the README provided by logcheck it will work fine for a single logfile. So is there a way to run it against multiple logfiles according to dates and hosts. Regards
Logmuncher was customized to handle trees of files. Its similar to Logcheck on steroids. You ought to check it out. Russell On Fri, Nov 18, 2005 at 11:46:35AM +0500, Metal Gear wrote:
hi guys currently i am testing logwatch, logcheck and newlogcheck to generated reports from log files generated by syslog-ng. The log files are generated in the format
/var/log/syslog-ng/host1/date1/messages /var/log/syslog-ng/host1/date2/messages /var/log/syslog-ng/host1/date3/messages /var/log/syslog-ng/host2/date1/messages /var/log/syslog-ng/host2/date2/messages * * /var/log/syslog-ng/host*/date*/messages so i played around with logcheck and newlogcheck and it worked fine for single file. According to the README provided by logcheck it will work fine for a single logfile. So is there a way to run it against multiple logfiles according to dates and hosts.
Regards _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Fri, 18 Nov 2005, Metal Gear wrote:
hi guys currently i am testing logwatch, logcheck and newlogcheck to generated reports from log files generated by syslog-ng. The log files are generated in the format
/var/log/syslog-ng/host1/date1/messages
I haven't see some of the other ones mentioned, but I've been using this for myself and some clients. It's a very modified version of logcheck/logsentry that I use for /var/log/servers/YYYY/MM/DD/hostname http://englanders.cc/pub/linux/misc/logcheck-remote.sh Jason -- Jason Englander <jason@englanders.cc> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
I guess I should explain further. Logmuncher handles the directory hierarchy quite well, see my syslog presentation with sample configs here: http://www.adamsinfoserv.com/AISTWiki/bin/view/AIS/Presentations Also another neat feature is that Logmuncher will only grab log files to search that were modified in the last 24 hours. That way as your directory trees grow, the log files that are processed stay minimal. Logmuncher is at: http://fmg-www.cs.ucla.edu/fmg-members/geoff/logmuncher.html Russell On Fri, Nov 18, 2005 at 02:27:45PM -0500, Jason Englander wrote:
On Fri, 18 Nov 2005, Metal Gear wrote:
hi guys currently i am testing logwatch, logcheck and newlogcheck to generated reports from log files generated by syslog-ng. The log files are generated in the format
/var/log/syslog-ng/host1/date1/messages
I haven't see some of the other ones mentioned, but I've been using this for myself and some clients. It's a very modified version of logcheck/logsentry that I use for /var/log/servers/YYYY/MM/DD/hostname
http://englanders.cc/pub/linux/misc/logcheck-remote.sh
Jason
-- Jason Englander <jason@englanders.cc> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Thank you guys for helpful replies, i tried logmucher and it worked perfect. I have another question that is that possible to run newlogcheck through cron with the following alterations LOGFILE=$1 $LOGTAIL $LOGFILE > $TMPDIR/check what i tried to do is to provide a custom path to newlogcheck.sh on runtime to process the logs, but this is not working for me. Then the syntax would be, ./newlogcheck.sh /var/log/hosts/robot/day.month.year/messages is there a possiblity to run newlogcheck with above mentioned conditions. Thanks
On 11/21/05, Metal Gear <finattack@gmail.com> wrote:
what i tried to do is to provide a custom path to newlogcheck.sh on runtime to process the logs, but this is not working for me.
Then the syntax would be, ./newlogcheck.sh /var/log/hosts/robot/day.month.year/messages
is there a possiblity to run newlogcheck with above mentioned conditions.
Sure, something like: /patch/to/newlogcheck.sh /var/log/hosts/robot/`date '+%d%m20%y'`/messages Most people still keep logs someplace like /var/log/messages so that things like logcheck and just some random person wanting to check for errors can still find the logs, then just rotate/delete them every day and store the /var/log/HOSTS stuff according to some longer retention policy. Seems easier in the long run.
participants (4)
-
Adams, Russell L.
-
catenate
-
Jason Englander
-
Metal Gear