[syslog-ng] few questions about patterndb

Clayton Dukes cdukes at gmail.com
Thu Jun 24 14:51:08 CEST 2010


Sounds like a Job for LogZilla :-)
(shameless plug - my tool)
http://nms.gdd.net/index.php/LogZilla

You can also use SEC (simple event correllator) to decide which messages to log.

______________________________________________________________

Clayton Dukes
______________________________________________________________



On Thu, Jun 24, 2010 at 2:34 AM, Hendrik Pahl <pahl at team-datentechnik.de> wrote:
> Hi,
>
> ...
>> That said, it does not soundlike you need to use it for what you're
>> trying to do.
>
> Okay, i already had the feeling patterndb was not the one really
> giving me a solution. I simply need something to bring down the
> relevant loglines, since 1.5M lines/month in a logfile/different
> logfiles are simply much to much to monitor/read.
>
> Grepping after "error" or "warning" or "failure" is just one approach,
> but never will be the only one, since this might kick out things i
> wanna definitely see.
>
> currently i'm looking at logfiles and size down the amount of lines by
> piping the cat output into sed, which kicks out the informational and
> overhead lines. this ia an iterative apporach, since i refine the sed
> expression time to time.
>
> How are others managing this issue?
>
>
>
> i.A. Hendrik Pahl
> System Engineering
>
> team! datentechnik GmbH & Co.KG
> Werner von Siemens Straße 12a
> 49124 Georgsmarienhuette
> Tel.: +49 (0)5401-8226-50
> Fax : +49 (0)5401-8226-55
>
> E-Mail: pahl at team-datentechnik.de
> Internet: www.team-datentechnik.de
> HRA 110397, Amtsgericht Osnabrück
> Geschäftsführung: Reemt Lükenga
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
> Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich
> erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie
> diese E-Mail. Vielen Dank.
>
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht
> gestattet.
>
> This e-mail contains confidential and/or privileged information. If
> you are not
> the intended recipient (or have received this e-mail in error) please notify
> the sender and delete this message.
> Thank you.
>
> Any unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>


More information about the syslog-ng mailing list