Eventlog

White, Chad (MED) chad.white at med.ge.com
Thu Apr 3 21:02:33 CEST 2003


I would really appreciate it if you could send me your patch.  From 
reading your description below it looks like the only thing that I 
would like that your patched version of logmuncher doesn't do is the 
ability to weed out multiple hits that are the same problem over and 
over.  That isn't a very big deal compared to the flexibility that you 
get with this setup though.

I'll be sure to email the author and let him know that we are enjoying 
your patch if everything works out ;)

thx,
--chd

On Thursday, April 3, 2003, at 06:33  AM, Russell Adams wrote:

> I modified Logmuncher to work with the multi-host directory hierarchy
> I set up, and returned a patch to the author. I'd be happy to give you
> a copy of the patch, or you can try emailing the author. I'm hoping
> he'll integrate it into the next release.
>

> <snip>

> Here's a sample config: /etc/logmuncher/conf/soja
>
> subject soja %d %t Logmuncher Report
> header ********** soja Log Entries **********
>
> mtailfile       /var/log/HOSTS/soja/*/*/*/*
> re-ignore       /etc/logmuncher/patterns/common
> re-ignore       /etc/logmuncher/patterns/soja
> send-report     rladams at kNeOlSsPeAyM-seybold.com
>
> This sample file just uses two exclude dictionaries, common (for
> messages common to all hosts) and soja (for just that host). I have
> other files that use the "re-report" to watch for specific patterns
> and send out mail to email pagers when certain messages occur.
>
> The mtailfile directive is added by my patch, to take a multi-file
> argument for the files to examine with logtail. My hosts all log into
> /var/log/HOSTS/hostname/year/month/day/loglevel, and I have a script
> that archives anything older than 2 months in order to keep the number
> of files to parse down.
>
> Having individual config files per host, and individual pattern files
> / dictionaries makes multi-host management with Logmuncher a
> breeze. Works like a charm too.
>
> Russell
>
> On Wed, Apr 02, 2003 at 05:27:43PM -0800, White, Chad (MED) wrote:
>>
>> On Wednesday, April 2, 2003, at 01:43  PM, Russell Adams wrote:
>>
>> <snip>
>>> Having used several log parsing packages, I found LogSentry was quite
>>> good, but it's now unavailable. Cisco bought Psionic Software
>>> (www.psionic.com) and all their software (LogSentry, PortSentry,
>>> HostSentry) is offline, though originally GPL'ed. :P
>>
>> Actually, I just found out today that you can still get those
>> packages. The URL is now www.psionic.org.  I couldn't find it in a
>> Google search, but I just randomly tried changing the com to .org and
>> was pleasantly surprised ;)
>>
>>
>>> About 8 months ago when I set up my central syslog host, I decided on
>>> syslog-ng with a multi-host directory hierarchy
>>> (/var/log/HOSTS/hostname/year/month/day/loglevel). I also evaluated
>>> Logmuncher at that time. I've found I prefer Logmuncher's flexibility
>>> with my setup. A minor modification to Logmuncher to support the
>>> multi-host directory hierarchy and I've used it ever since. It works
>>> much like LogSentry, having dictionaries of regexp statements that
>>> match patterns in syslog messages to ignore, warn about by default,
>>> or immediately notify the admin as critical. As it stands, I have a
>>> common dictionary across my hosts, and then host specific
>>> dictionaries for ignore, warn, and critical. It sends email reports,
>>> and is
>>> configured to send critical emails to my pager via email. Logmuncher
>>> runs only on my central host at 5 minute intervals.
>> <snip>
>>
>> What did you do to Logmuncher to allow for multiple hosts in separate
>> directories?  That is the situation I am facing as I am using
>> syslog-ng to centrally collect syslog for all my hosts.  What I would
>> also really like is something like logsentry that will give me an
>> overview of the previous day's logs to review each day without a bunch
>> of duplication. Logsentry does a good job when running on each
>> individual host but it doesn't look easy to set up for multiple hosts
>> on a logserver...
>>
>> thx,
>> --chd
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb:
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
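
The two ideas in this thread, per-host ignore dictionaries over a /var/log/HOSTS/hostname/year/month/day/loglevel tree and collapsing repeated hits of the same problem, can be sketched as follows. This is an added example, not Logmuncher code, not Russell's patch, and not part of either message. It assumes pattern files hold one regular expression per line with `#` comments; the function names and the log lines are constructed for illustration.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+")
PID = re.compile(r"\[\d+\]")

def load_patterns(*files):
    """Compile each non-blank, non-comment line of the pattern files that exist."""
    lines = [l.strip() for f in files if f.is_file() for l in f.read_text().splitlines()]
    return [re.compile(l) for l in lines if l and not l.startswith("#")]

def normalise(line):
    """Drop the timestamp and PID so repeats of one problem compare equal."""
    return PID.sub("[PID]", TIMESTAMP.sub("", line))

def report(log_root, host, pattern_dir):
    """Count lines not ignored under log_root/host/year/month/day/loglevel."""
    # Assumed layout: a "common" dictionary plus one dictionary named after the host.
    ignore = load_patterns(pattern_dir / "common", pattern_dir / host)
    hits = Counter()
    for logfile in sorted(p for p in (log_root / host).glob("*/*/*/*") if p.is_file()):
        for line in logfile.read_text(errors="replace").splitlines():
            if line and not any(p.search(line) for p in ignore):
                hits[normalise(line)] += 1
    return hits

def demo():
    """Build a constructed tree for host 'soja' and return its report."""
    with tempfile.TemporaryDirectory() as tmp:
        root, pats = Path(tmp, "HOSTS"), Path(tmp, "patterns")
        day = root / "soja" / "2003" / "04" / "03"
        day.mkdir(parents=True)
        pats.mkdir()
        (pats / "common").write_text("# noise on every host\nCRON\\[\\d+\\]: \n")
        (pats / "soja").write_text("ntpd\\[\\d+\\]: synchronized\n")
        (day / "info").write_text(
            "Apr  3 06:00:01 soja CRON[811]: (root) CMD (run-parts)\n"
            "Apr  3 06:10:12 soja ntpd[402]: synchronized to 192.0.2.10\n")
        (day / "err").write_text(
            "Apr  3 06:11:40 soja sshd[911]: error: PAM: auth failure for admin\n"
            "Apr  3 06:11:44 soja sshd[915]: error: PAM: auth failure for admin\n"
            "Apr  3 06:12:02 soja kernel: ata1: I/O error\n")
        return report(root, "soja", pats)

if __name__ == "__main__":
    for message, count in demo().most_common():
        print(f"{count:4d}x {message}")
```

Only the timestamp and PID are normalised, so user names and addresses stay visible and distinct sources are not merged into one report line.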

