On Thu, Mar 6, 2008 at 9:55 AM, Rainer Gerhards <[EMAIL PROTECTED]> wrote:
> I am not so involved with logwatch. Let me ask feature-wise: what
> capabilities do you need to do the job?

About 99% of what's in messages or secure is trivia. JoeBob logged in, ran a sudo command and logged off. An authenticated mount request was received from ip.add.re.ss. That sort of thing. What I'm looking for is a parser that can pick out the (hopefully) rare messages that indicate a problem like a disk drive is reporting errors. I can modify big brother and logwatch to do this but I am curious if anyone has a favorite package I haven't heard of yet.

> Rainer
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:rsyslog-
> > [EMAIL PROTECTED] On Behalf Of Stephen Carville
> > Sent: Thursday, March 06, 2008 6:54 PM
> > To: rsyslog-users
> > Subject: [rsyslog] Log watch software
> >
> > I have a centralized repository using rsyslog and syslog to mirror
> > /var/log/messages, /var/log/secure, and information messages from
> > cfengine. In the near future I hope to get auditd reporting to a
> > central server. My immediate task is to add some log analysis software
> > on the central server. I've started modifying LogWatch to work with
> > MySQL -- that's pretty straightforward -- but I'm curious what other
> > solutions there may be out there. FOSS is preferred but I'm not
> > against a reasonably priced commercial product. So far everything
> > Google has returned are commercial products for Windows systems.
> >
> > --
> > Stephen Carville
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog

--
Stephen Carville
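The filtering requirement described in the reply above (suppress routine login, sudo and mount messages, surface everything else) can be sketched as follows. This is an added example, not part of the original thread and not code from logwatch, Big Brother or rsyslog; the suppress patterns, host names and sample log lines are constructed assumptions to be tuned per site.

```python
import re
from collections import Counter

# Traditional syslog line: "Mar  6 09:55:01 host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)

# Constructed suppress list for the routine events named in the thread (assumption).
ROUTINE = [
    ("sshd", re.compile(r"^Accepted \w+ for \S+ from \S+")),
    ("sshd", re.compile(r"^pam_unix\(sshd:session\): session (opened|closed)")),
    ("sudo", re.compile(r"^\s*\S+ : TTY=\S+ ; PWD=\S+ ; USER=\S+ ; COMMAND=")),
    ("mountd", re.compile(r"^authenticated mount request from ")),
]

# Constructed sample lines, as they might appear in messages/secure.
SAMPLE = [
    "Mar  6 09:40:11 web01 sshd[2211]: Accepted publickey for joebob from 192.0.2.10 port 50122 ssh2",
    "Mar  6 09:41:02 web01 sudo:   joebob : TTY=pts/0 ; PWD=/home/joebob ; USER=root ; COMMAND=/bin/ls",
    "Mar  6 09:42:30 nfs01 mountd[1402]: authenticated mount request from 192.0.2.20:812 for /export",
    "Mar  6 09:43:07 db01 kernel: end_request: I/O error, dev sda, sector 1234567",
    "Mar  6 09:43:08 db01 kernel: end_request: I/O error, dev sda, sector 1234575",
]

def is_routine(prog, msg):
    """True if the message matches a known-routine pattern for that program."""
    return any(p == prog and rx.search(msg) for p, rx in ROUTINE)

def normalise(msg):
    """Collapse numbers so repeats of one fault are counted as one entry."""
    return re.sub(r"\b(?:0x[0-9a-fA-F]+|\d+)\b", "N", msg)

def triage(lines):
    """Count non-routine lines by (host, program, normalised message)."""
    unusual = Counter()
    for line in lines:
        m = SYSLOG_RE.match(line.rstrip("\n"))
        if m is None:
            # Unparsable input is reported, never dropped silently.
            unusual[("?", "?", line.strip())] += 1
            continue
        if not is_routine(m["prog"], m["msg"]):
            unusual[(m["host"], m["prog"], normalise(m["msg"]))] += 1
    return unusual

if __name__ == "__main__":
    for (host, prog, msg), n in triage(SAMPLE).most_common():
        print(f"{n:4d}  {host}  {prog}: {msg}")
```

Because anything not explicitly listed as routine is reported, a message type nobody anticipated still reaches the report instead of being lost.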

