Logcheck/LogSentry doesn't work right with syslog-ng! How fix...(thinks all is an emergency)
LogCheck aka LogSentry looks for strange behavior in log files. I just tried syslog-ng for the first time and noticed now LogCheck thinks everything is an emergency. How do I make them like each other???

Chris

--
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
Phone: (619) 553-9973
Fax: (619) 553-0804
Email: seberino@spawar.navy.mil

On Fri, Feb 14, 2003 at 12:07:34PM -0800, seberino@spawar.navy.mil wrote:
LogCheck aka LogSentry looks for strange behavior in log files.
I just tried syslog-ng for the first time and noticed now LogCheck thinks everything is an emergency. How do I make them like each other???

You need to use the logcheck ignore files (logcheck.ignore and logcheck.violations.ignore IIRC). Of course this has nothing to do with syslog-ng and should be asked on the abacus mailing list for all Psionic.com software (http://www.psionic.com/mailinglist.html - looks like they're calling it the "sentry" mailing list now).

--
Nate Campi http://www.campin.net

Nate,

The format of syslog-ng output is different enough that LogSentry has a heart attack at every logging entry. This will take some work to make LogSentry work with syslog-ng.

Chris

On Fri, Feb 14, 2003 at 12:21:50PM -0800, Nate Campi wrote:
On Fri, Feb 14, 2003 at 12:07:34PM -0800, seberino@spawar.navy.mil wrote:
LogCheck aka LogSentry looks for strange behavior in log files.
I just tried syslog-ng for the first time and noticed now LogCheck thinks everything is an emergency. How do I make them like each other???

You need to use the logcheck ignore files (logcheck.ignore and logcheck.violations.ignore IIRC). Of course this has nothing to do with syslog-ng and should be asked on the abacus mailing list for all Psionic.com software (http://www.psionic.com/mailinglist.html - looks like they're calling it the "sentry" mailing list now).

--
Nate Campi http://www.campin.net

--
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
Phone: (619) 553-9973
Fax: (619) 553-6521
Email: seberino@spawar.navy.mil

On Fri, Feb 14, 2003 at 11:14:27PM -0800, seberino@spawar.navy.mil wrote:
The format of syslog-ng output is different enough that LogSentry has a heart attack at every logging entry. This will take some work to make LogSentry work with syslog-ng.

Ok, I haven't worked with the script since it was called logcheck. This still is not an issue with syslog-ng however, and belongs on the logsentry list. Sounds like logsentry has a sanity check similar to my enhanced logcheck version. You can probably comment out a single line to make it work right (but this is a wild guess, don't take my word for it).

--
Nate Campi http://www.campin.net