[syslog-ng] E-mail alert from Syslog-NG!

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Oct 8 17:38:22 CEST 2007


On Mon, 08 Oct 2007 16:49:36 +0800, Wilson Lai said:

> Would there be any tool to check the severity of the log
> message and alert me by mail once
> receiving the event log message with "error" severity?

We use tools like logwatch and swatch to do this sort of thing:

http://www.logwatch.org
http://swatch.sourceforge.net/

Both of these are regexp-based, and would probably need work to flag stuff
specifically based on the syslog priority. Though it wouldn't be too
hard to say 'log all error and higher to a specific file', and then point
one of those two at that file, and tell them to match ^.*$ (and your
problem is solved).

You'll probably find out that a good number of programs don't use 'error'
to flag errors (one of the reasons we went with regexp-based tools - the
first setup to get them all the regexps to get rid of all the noise was
*huge* (some of our servers blatted out 87M-sized e-mails the first few
times till we ignored the right stuff))....
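
The following is an added example, not part of the original post or of logwatch, swatch or syslog-ng. It decodes the syslog priority (PRI = facility * 8 + severity) to select "err and higher", and adds a regexp fallback for programs that report failures at a lower priority. The function names, the fallback patterns and the sample messages are assumptions constructed for illustration.

```python
import re

# Severity names by numeric value (RFC 3164 / RFC 5424): lower number = more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Assumed fallback patterns for programs that log failures below "err".
ERROR_TEXT_RE = re.compile(r"\b(error|fail(ed|ure)?|denied|panic)\b", re.I)

def decode_pri(line):
    """Split a raw syslog line into (facility, severity, rest); None if PRI is absent or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facility 23 * 8 + severity 7 is the highest valid PRI
        return None
    return pri >> 3, pri & 7, m.group(2)

def classify(line, threshold="err"):
    """Return 'severity', 'text' or None depending on why the line should alert."""
    decoded = decode_pri(line)
    if decoded is None:
        return "text" if ERROR_TEXT_RE.search(line) else None
    _, severity, rest = decoded
    if severity <= SEVERITIES.index(threshold):
        return "severity"  # what "log all error and higher to a file" would catch
    if ERROR_TEXT_RE.search(rest):
        return "text"      # failure reported at a lower priority
    return None

# Constructed sample messages (not taken from any real host).
SAMPLE = [
    "<11>Oct  8 17:38:22 host1 myapp[101]: disk write error on /var",       # user.err
    "<30>Oct  8 17:38:23 host1 backupd[202]: backup FAILED: tape offline",  # daemon.info
    "<38>Oct  8 17:38:24 host1 sshd[303]: Accepted publickey for alice",    # auth.info
    "<2>Oct  8 17:38:25 host1 kernel: Out of memory",                       # kern.crit
]

def alerts(lines):
    """Return (reason, line) for every line that should raise an alert."""
    return [(classify(l), l) for l in lines if classify(l)]

if __name__ == "__main__":
    for reason, line in alerts(SAMPLE):
        print(reason, line)
```

The second sample line is the case the message warns about: a failure logged at `info`, which a severity-only filter would not select.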