Hi All,

Thank you all for your input. Ideally it would be best to have some sort of log rotation that would keep the file sizes down to a minimum. But this is something out of my control. I appreciate all the various different suggestions.

Patrick

________________________________
From: Zhihong Zhu [mailto:[email protected]]
Sent: Wednesday, June 20, 2012 7:26 AM
To: spectrum
Cc: Murtey, Patrick; spectrum
Subject: RE:[spectrum] Log monitoring

If money is not an issue, you could look into EMC's RSA enVision.

Charles

________________________________
From: Craig Cook <[email protected]>
To: "spectrum" <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Date: 06/20/2012 09:44 AM
Subject: RE:[spectrum] Log monitoring

Depends what you are looking for.

Simple keyword matching? I have to see "string A" X times before I want an alert? I need to see "string A" followed by "string B" then send an alert?

Nagios/Xymon/many open source tools can do simple keyword matching.

If you just want to monitor one log file you could use perl.

If you want full log monitoring on all hosts and money is not an issue look at splunk.

If money is an issue something like this may work:
http://redbluemagenta.com/2011/08/19/modern-log-management-and-monitoring/

This may be something to look at (it can do complicated rules):
http://www.ossec.net/

Craig

________________________________
From: Sorrell, Al [mailto:[email protected]]
Sent: Tuesday, June 19, 2012 5:38 PM
To: spectrum
Cc: '[email protected]'
Subject: RE:[spectrum] Log monitoring

Might also look at SEC http://simple-evcorr.sourceforge.net/

It might be overkill but does pattern matching, correlation of events, can execute whatever you want as the result of a rule match, etc.

Al

________________________________
From: De Munter, Erwin [mailto:[email protected]]
Sent: Tuesday, June 19, 2012 3:43 PM
To: spectrum
Cc: spectrum
Subject: RE:[spectrum] Log monitoring

Simple local script that at an interval analyses the catalina log, filters, analyzes and then puts possible alerts in another log file, for sysedge pattern matching. Combination with a good syntax, and some good rules in custom eventdisp, gives you a lot of possibilities for handling

________________________________
From: Murtey, Patrick [mailto:[email protected]]
Sent: Tuesday 19 June 2012 19:42
To: spectrum
Subject: [spectrum] Log monitoring

Hi All,

Looking for some assistance with log monitoring of huge files. I would usually use a systemedge agent to perform most of my log monitoring needs. However, I have encountered a situation where this will not work since sysedge has a 4 GB size limitation. I need to be able to monitor the Catalina.out log file on one of our enterprise Web servers. As I mentioned the files can be in excess of 4 GB. Has anyone out there been through this similar scenario and what would you use to monitor for exceptions in this log?

Thanks In Advance

Patrick Murtey
MGM RESORTS
Information Technology
[email protected]

---
To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected]
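The interval-script approach suggested in the thread (scan the large catalina.out, write only the hits to a small second log that an agent with a file-size limit can watch) can be sketched as follows. This is an added example, not code from any poster; the match pattern, the file names and the JSON state file are assumptions.

```python
import json
import os
import re
import tempfile

# Assumed pattern: SEVERE lines and Java exception/error class names.
PATTERN = re.compile(rb"(SEVERE|\b[\w.]+(?:Exception|Error)\b)")

def scan_new_lines(log_path, state_path, alert_path, pattern=PATTERN):
    """Scan only bytes appended since the last run; return matched lines."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as fh:
            offset = json.load(fh).get("offset", 0)
    if os.path.getsize(log_path) < offset:  # truncated or replaced: start over
        offset = 0
    matches = []
    with open(log_path, "rb") as log:
        log.seek(offset)       # 64-bit offsets, so files over 4 GB are fine
        while True:
            line = log.readline()
            if not line.endswith(b"\n"):  # EOF, or a line still being written
                break
            offset = log.tell()
            if pattern.search(line):
                matches.append(line.decode("utf-8", "replace").rstrip())
    if matches:                # small alert log for the agent to pattern-match
        with open(alert_path, "a") as alerts:
            alerts.write("\n".join(matches) + "\n")
    with open(state_path, "w") as fh:
        json.dump({"offset": offset}, fh)
    return matches

def demo():
    # Three passes over a constructed sample log in a temp directory.
    d = tempfile.mkdtemp()
    log, state, alerts = (os.path.join(d, n) for n in ("catalina.out", "state.json", "alerts.log"))
    with open(log, "w") as fh:  # constructed sample lines
        fh.write("INFO: Server startup in 5123 ms\n"
                 "SEVERE: Servlet.service() threw exception\n"
                 "java.lang.NullPointerException\n")
    first = scan_new_lines(log, state, alerts)
    with open(log, "a") as fh:  # appended lines, last one incomplete
        fh.write("INFO: request ok\njava.io.IOException: Broken pipe\npartial line without newline")
    second = scan_new_lines(log, state, alerts)
    with open(log, "w") as fh:  # simulate truncation of the log
        fh.write("java.lang.OutOfMemoryError: Java heap space\n")
    third = scan_new_lines(log, state, alerts)
    return first, second, third
```

Run from cron or a scheduler at the chosen interval; each pass reads only the bytes added since the previous one, so the cost does not grow with the size of the log.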
