[rsyslog] Log watch software
Stephen Carville
stephen.carville at gmail.com
Thu Mar 6 20:44:11 CET 2008
On Thu, Mar 6, 2008 at 9:55 AM, Rainer Gerhards
<rgerhards at hq.adiscon.com> wrote:
> I am not so involved with logwatch. Let me ask feature-wise: what
> capabilities do you need to do the job?
About 99% of what's in messages or secure is trivia. JoeBob logged
in, ran a sudo command and logged off. An authenticated mount request
was received from ip.add.re.ss. That sort of thing. What I'm looking
for is a parser that can pick out the (hopefully) rare messages that
indicate a problem like a disk drive is reporting errors.
I can modify big brother and logwatch to do this but I am curious if
anyone has a favorite package I haven't heard of yet.
> Rainer
>
>
>
> > -----Original Message-----
> > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > bounces at lists.adiscon.com] On Behalf Of Stephen Carville
> > Sent: Thursday, March 06, 2008 6:54 PM
> > To: rsyslog-users
> > Subject: [rsyslog] Log watch software
> >
> > I have a centralized repository using rsyslog and syslog to mirror
> > /var/log/messages, /var/log/secure, and information messages from
> > cfengine. In the near future I hope to get auditd reporting to a
> > central server. My immediate task is to add some log analysis software
> > on the central server. I've started modifying LogWatch to work with
> > MySQL -- that's pretty straightforward -- but I'm curious what other
> > solutions there may be out there. FOSS is preferred but I'm not
> > against a reasonably priced commercial product. So far everything
> > Google has returned are commercial products for Windows systems.
> >
> > --
> > Stephen Carville
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
--
Stephen Carville
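
An added example, not part of the original message or of rsyslog: one way to do the filtering described above is to drop lines that match known-routine patterns and report whatever remains, grouped by host and message. The regexes and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Routine events like those named in the message (logins, sudo, authenticated
# mount requests). These regexes are assumptions, not a vetted list.
ROUTINE = [re.compile(p) for p in (
    r"sshd\[\d+\]: Accepted \w+ for \S+ from \S+",
    r"sshd\[\d+\]: pam_unix\(sshd:session\): session (opened|closed) for user \S+",
    r"sudo: +\S+ : TTY=\S+ ; PWD=\S+ ; USER=\S+ ; COMMAND=",
    r"mountd\[\d+\]: authenticated mount request from \S+",
)]

# Traditional syslog line: "Mon DD HH:MM:SS host tag: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) (?P<rest>.*)$")

def normalize(rest):
    """Collapse PIDs and bare numbers so repeats of one message group together."""
    rest = re.sub(r"\[\d+\]", "[N]", rest)
    return re.sub(r"\b\d+\b", "N", rest)

def unusual(lines):
    """Return a Counter of (host, normalized message) for non-routine lines."""
    seen = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            seen[("?", line.strip())] += 1  # unparseable lines are never dropped
            continue
        if any(p.search(m["rest"]) for p in ROUTINE):
            continue  # known trivia: suppress
        seen[(m["host"], normalize(m["rest"]))] += 1
    return seen

# Constructed sample input (not real logs).
SAMPLE = [
    "Mar  6 10:01:02 web1 sshd[2211]: Accepted publickey for joebob from 192.0.2.10 port 51514 ssh2",
    "Mar  6 10:01:09 web1 sudo:   joebob : TTY=pts/0 ; PWD=/home/joebob ; USER=root ; COMMAND=/bin/ls",
    "Mar  6 10:02:00 nfs1 mountd[900]: authenticated mount request from 192.0.2.20:812 for /export",
    "Mar  6 10:03:11 db1 kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }",
    "Mar  6 10:03:12 db1 kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }",
    "Mar  6 10:05:00 web1 sshd[2290]: pam_unix(sshd:session): session closed for user joebob",
]

if __name__ == "__main__":
    for (host, msg), count in unusual(SAMPLE).most_common():
        print(f"{count:4d}  {host}  {msg}")
```

Anything the routine list does not recognise is reported rather than silently dropped, so a new kind of message shows up in the report until someone decides it is trivia.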