On Feb 20, 2008 10:51 AM, Ryan Corder <[EMAIL PROTECTED]> wrote:
>
> On Wed, Feb 20, 2008 at 08:32:31AM -0800, Rami Sik wrote:
> | I would like to see what you'd suggest as a log analyzer tool(s) on a
> | centralized log server running syslog-ng.
> |
> | I also need to use a specific tool as PF log analyzer. What do you
> | suggest for that purpose?
>
> I prefer to use a log notification tool instead of relying on a tool
> to figure out what is going on. Since I pretty much know what I'm looking
> out for, I can define certain things to watch for and then set up
> appropriate notifications.
>
> Check out tenshi -- written for Gentoo Linux, but is just Perl.

Another vote for Tenshi. Probably the best way to do it with syslog-ng is to have syslog-ng forward logs to Tenshi (listening on loopback) because otherwise Tenshi won't be able to follow the logs (if you organize them by date, etc.).

-Kian
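
The forwarding layout described in the reply above, sketched as a syslog-ng configuration fragment. This is an added example, not part of the original thread; the source and destination names, the archive path, and port 5140 for a Tenshi listener on 127.0.0.1 are assumptions.

```conf
# Added example; names, paths and port 5140 are assumptions.

# Remote hosts send syslog to the central server over UDP.
source s_net { udp(ip(0.0.0.0) port(514)); };

# Archive organized by host and date. The file name changes every day,
# so a watcher following one fixed path would stop seeing new messages.
destination d_archive {
    file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY.log" create_dirs(yes));
};

# A copy of every message goes to the Tenshi listener on loopback,
# independent of how the archive files are named or rotated.
destination d_tenshi { udp("127.0.0.1" port(5140)); };

log { source(s_net); destination(d_archive); destination(d_tenshi); };
```

Binding the receiving side to 127.0.0.1 only keeps other hosts from injecting messages straight into the notification path.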