Syslog scanning
From: Steve Baker (steve.baker_at_notthis-jakata.net)
Date: 08/17/05
Date: Wed, 17 Aug 2005 17:20:12 +0100
We have a load of machines spitting out various concoctions of messages to a central syslog server. The messages generally contain something about severity, such as "error" or "warning" or "info", etc. The problem is, how bad an issue a particular "warning" or "error" really is depends on some complex rules. The rules are typically "this is only bad if it's happened XXX times in the last XXX minutes" or "this is bad if it's happened together with something else" or "this is bad if something else has happened just before it". Also, some error or warning conditions can be ignored: "this isn't a worry if it takes this particular form or contains this string".

So, in order to scan the syslog sensibly and trigger alarms, we need some kind of syslog scanner which is very smart and can do this complex rule stuff. There are lots of log scanners around, but there doesn't seem to be anything which addresses this type of need.

Can anyone recommend anything? What are the rest of you using in large-scale Linux installations?

Thanks,
Steve

(Linux RHEL3, by the way, not that it should make a difference)
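
Three of the rule kinds described in the post above (N occurrences within a time window, one event shortly after another, and ignore-if-it-contains), as an added Python example that is not part of the original message. The sample lines, rule names, patterns and the assumed year for the year-less syslog timestamps are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in classic BSD syslog layout; hosts and messages are made up.
SAMPLE = """\
Aug 17 17:00:01 web1 app: warning: disk latency high
Aug 17 17:00:05 web1 sshd: error: auth failure for admin
Aug 17 17:00:20 web1 sshd: error: auth failure for admin
Aug 17 17:00:40 web1 sshd: error: auth failure for admin
Aug 17 17:01:00 db1 app: error: test harness probe failed
Aug 17 17:02:00 db1 raid: warning: array degraded
Aug 17 17:02:30 db1 fs: error: write failed on /data
Aug 17 17:30:00 web1 fs: error: write failed on /data
""".splitlines()
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\S+): (.*)$")
# Hypothetical rules: suppress, count-in-window, and "B shortly after A" (all per host).
IGNORE = [re.compile(r"test harness")]
THRESHOLD = [("auth-burst", re.compile(r"auth failure"), 3, timedelta(minutes=5))]
SEQUENCE = [("write-after-degrade", re.compile(r"array degraded"),
             re.compile(r"write failed"), timedelta(minutes=10))]

def scan(lines, year=2005):  # BSD syslog timestamps carry no year, so one is assumed
    alarms = []
    hits = defaultdict(deque)   # (rule, host) -> timestamps of matches still in window
    last_seen = {}              # (rule, host) -> when the precursor event was last seen
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(4)
        if any(p.search(msg) for p in IGNORE):
            continue            # suppressed before any other rule can count it
        for name, pat, count, window in THRESHOLD:
            if pat.search(msg):
                q = hits[(name, host)]
                q.append(ts)
                while ts - q[0] > window:   # drop matches that fell out of the window
                    q.popleft()
                if len(q) >= count:
                    alarms.append((name, host, ts.strftime("%H:%M:%S")))
                    q.clear()               # re-arm so one burst raises one alarm
        for name, first, then, window in SEQUENCE:
            if first.search(msg):
                last_seen[(name, host)] = ts
            elif then.search(msg) and ts - last_seen.get((name, host), datetime.min) <= window:
                alarms.append((name, host, ts.strftime("%H:%M:%S")))
    return alarms
```

On the sample, the lone disk warning, the suppressed probe failure and the write failure on web1 (no preceding degrade on that host) raise nothing; only the auth burst on web1 and the write failure following the degraded array on db1 do.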