Tyler Rutschman wrote: > Hello everyone, I've been looking for a log monitoring solution for my > central log server for a while now and want to believe I've found an > answer in SEC. I need to generate reports every week based on logon > successes and failures for a number of servers. They are stored in a > format like /var/log/HOSTS/HOSTNAME/2008/05/29/auth20080529.log. I would > like to set up a calendar setting in the conf file or a cron job to run > SEC weekly to generate reports, but cannot determine how to parse > through the directories automatically. I'm not asking for a direct > solution per se, but a confirmation that this can be done with SEC or > ideas how I could approach this would be appreciated. If not, can anyone > suggest an alternative? > > Thanks, > Tyler >
Tyler, yes, it can be done with SEC. SEC supports Calendar rules that offer the same functionality as crond, and it makes no difference whether you invoke the reporting shell script or command line from crond or from SEC Calendar rule. The command line and script must just do the right thing for you. Your question on log file name detection is actually a question about scripting, and the answer depends on what language you would like to use. The following example works for bash on Linux: export I=6; while [ $I -ge 0 ]; do FILE=`date -d "$I days ago" +'/var/log/HOSTS/HOSTNAME/%Y/%m/%d/auth%Y%m%d.log'`; echo $FILE; I=`expr $I - 1`; done This command line finds the file names for last 7 days, assigns each file name to FILE shell variable and prints it out. Note that instead of 'echo $FILE' you can do other things with a file (like counting its lines). If you would like to form the list from file names and process them at a later time, you could use the following command line: export I=6; while [ $I -ge 0 ]; do FILE=`date -d "$I days ago" +'/var/log/HOSTS/HOSTNAME/%Y/%m/%d/auth%Y%m%d.log'`; LIST="$LIST $FILE"; I=`expr $I - 1`; done; echo $LIST hth, risto > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Simple-evcorr-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
