On Sun, 6 Sep 2009, Israel Garcia wrote: > On 9/6/09, [email protected] <[email protected]> wrote: >> On Sun, 6 Sep 2009, Israel Garcia wrote: >> >>> I have some debian lenny servers sending their logs (via TCP) to a >>> central rsyslog server. >>> Every remote servers has at /etc/rsyslog.conf: >>> >>> *.* @@IP_CENTRAL_SERVER >>> >>> So, I can see in the central syslog server all logs without problems. >>> I'm looking for a single and simple report, like logwatch for example >>> who process all logs and send me in ONE mail or on ONE html page all >>> resume info of all logs. I tried with logwatch and I didn't get this >>> report I'm looking for. >>> >>> My question is? >>> Is there any tool, script, app, etc which I run on the syslog server >>> and give me the information of all servers in a way as simple as >>> possible? Maybe in a single resume mail separated by a line for >>> example? >> >> there are a lot of products and projects out there to analyse logs and >> generate reports. >> >> the problem is that what I am interested in seeing in a report may or may >> not match what you are interested in seeing. >> >> also, most of this effort is taking place within originizations that have >> large volumes of logs, so distilling it down to a single report or e-mail >> requires that a lot of detail gets left out (and that goes back to exactly >> what you are interested in seeing) >> >> when you say you want one page that shows you 'everything', what is it >> that you want to see? > Hi, David > I mean, a report like logwatch use to send me everyday from each > server. As I said before, I'm collecting all servers logs (syslog and > auth.log) into my central syslog, so I need some tool like logwatch > running on the collector which send in one mail or in one html page. > . > I tried to configure logwatch in the collector without sucess. > > That's what I need. :-)
ok, so you want the report that you get from logwatch, that simplifies things. when you say you can't get it to work on the collector box, more info is needed. does logwatch give you the info that you want about the collector box? do you put the logs from all servers in one file? or do you split them by host? (or split them in other ways) how does logwatch fail? does it crash? give you incorrect information? other? David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
