Eventlog
Carroll, Jim P [Contractor]
jcarro10 at sprintspectrum.com
Tue Apr 29 23:47:02 CEST 2003
This just in: I've just learned of another tool which might be another way to slice and dice the logs. Found out about the Epylog log analyzer, courtesy of the author of yum:
Epylog:
http://linux.duke.edu/projects/epylog/
Yum:
http://linux.duke.edu/projects/yum/
Not sure how versatile Epylog would be, but apparently it does support syslog-ng. Check out the sample output.
jc
> -----Original Message-----
> From: White, Chad (MED) [mailto:chad.white at med.ge.com]
> Sent: Thursday, April 03, 2003 1:03 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Eventlog
>
>
> I would really appreciate if you could send me your patch. From
> reading your description below it looks like the only thing that I
> would like that your patched version of logmuncher doesn't do is the
> ability to weed out multiple hits that are the same problem over and
> over. That isn't a very big deal compared to the flexibility that you
> get with this setup though.
>
> I'll be sure to email the author and let him know that we are enjoying
> your patch if everything works out ;)
>
> thx,
> --chd
>
> On Thursday, April 3, 2003, at 06:33 AM, Russell Adams wrote:
>
> > I modified Logmuncher to work with the multi-host directory hierarchy
> > I set up, and returned a patch to the author. I'd be happy to give you
> > a copy of the patch, or you can try emailing the author. I'm hoping
> > he'll integrate it into the next release.
> >
>
> > <snip>
>
> > Here's a sample config: /etc/logmuncher/conf/soja
> >
> > subject soja %d %t Logmuncher Report
> > header ********** soja Log Entries **********
> >
> > mtailfile /var/log/HOSTS/soja/*/*/*/*
> > re-ignore /etc/logmuncher/patterns/common
> > re-ignore /etc/logmuncher/patterns/soja
> > send-report rladams at kNeOlSsPeAyM-seybold.com
> >
> > This sample file just uses two exclude dictionaries, common (for
> > messages common to all hosts) and soja (for just that host). I have
> > other files that use the "re-report" to watch for specific patterns
> > and send out mail to email pagers when certain messages occur.
> >
> > The mtailfile directive is added by my patch, to take a multi-file
> > argument for the files to examine with logtail. My hosts all log into
> > /var/log/HOSTS/hostname/year/month/day/loglevel, and I have a script
> > that archives anything older than 2 months in order to keep the number
> > of files to parse down.
> >
> > Having individual config files per host, and individual pattern files
> > / dictionaries makes multi-host management with Logmuncher a
> > breeze. Works like a charm too.
> >
> > Russell
> >
> > On Wed, Apr 02, 2003 at 05:27:43PM -0800, White, Chad (MED) wrote:
> >>
> >> On Wednesday, April 2, 2003, at 01:43 PM, Russell Adams wrote:
> >>
> >> <snip>
> >>> Having used several log parsing packages, I found LogSentry was quite
> >>> good, but it's now unavailable. Cisco bought Psionic Software
> >>> (www.psionic.com) and all their software (LogSentry, PortSentry,
> >>> HostSentry) is offline, though originally GPL'ed. :P
> >>
> >> Actually, I just found out today that you can still get those
> >> packages.
> >> The URL is now www.psionic.org. I couldn't find it in a Google
> >> search, but I just randomly tried changing the com to .org and was
> >> pleasantly surprised ;)
> >>
> >>
> >>> About 8 months ago when I set up my central syslog host, I decided on
> >>> syslog-ng with a multi-host directory hierarchy
> >>> (/var/log/HOSTS/hostname/year/month/day/loglevel). I also evaluated
> >>> Logmuncher at that time. I've found I prefer Logmuncher's flexibility
> >>> with my setup. A minor modification to Logmuncher to support the
> >>> multi-host directory hierarchy and I've used it ever since. It works
> >>> much like LogSentry, having dictionaries of regexp statements that
> >>> match patterns in syslog messages to ignore, warn about by default, or
> >>> immediately notify the admin as critical. As it stands, I have a
> >>> common dictionary across my hosts, and then host specific dictionaries
> >>> for ignore, warn, and critical. It sends email reports, and is
> >>> configured to send critical emails to my pager via email. Logmuncher
> >>> runs only on my central host at 5 minute intervals.
> >> <snip>
> >>
> >> What did you do to Logmuncher to allow for multiple hosts in separate
> >> directories? That is the situation I am facing as I am using syslog-ng
> >> to centrally collect syslog for all my hosts. What I would also really
> >> like is something like logsentry that will give me an overview of the
> >> previous day's logs to review each day without a bunch of duplication.
> >> Logsentry does a good job when running on each individual host but it
> >> doesn't look easy to set up for multiple hosts on a logserver...
> >>
> >> thx,
> >> --chd
> >
> >
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
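As an added example (not code from this thread, from Logmuncher or from Epylog), here is a small Python model of the setup Russell describes: a central collector's /var/log/HOSTS/<host>/<year>/<month>/<day>/<level> tree scanned against a common ignore dictionary, a per-host ignore dictionary and a critical dictionary, with the syslog timestamp and PID stripped so that the repeated hits Chad wants weeded out collapse into one counted entry. The sample log lines, pattern lists and function names are constructed assumptions.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample in the thread's /var/log/HOSTS/<host>/<year>/<month>/<day>/<level> layout.
SAMPLE = {
    "soja/2003/04/03/info": [
        "Apr  3 06:30:01 soja CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)",
        "Apr  3 06:31:12 soja sshd[2001]: Accepted publickey for rladams from 10.0.0.5",
        "Apr  3 06:33:40 soja su[2100]: session opened for user root",
    ],
    "soja/2003/04/03/warning": [
        "Apr  3 06:32:00 soja sshd[2002]: Failed password for invalid user admin from 10.0.0.9",
        "Apr  3 06:32:03 soja sshd[2003]: Failed password for invalid user admin from 10.0.0.9",
    ],
}
# Regex dictionaries (assumed patterns): "common" ignores apply to every host, a host-named
# list only to that host; CRITICAL lines page the admin, anything else is a warning by default.
IGNORE = {"common": [r"CRON\[\d+\]: \(root\) CMD"], "soja": [r"Accepted publickey for rladams"]}
CRITICAL = [r"Failed password for invalid user"]

def build_sample():
    """Write SAMPLE into a fresh temp directory and return its root path."""
    root = Path(tempfile.mkdtemp())
    for rel, lines in SAMPLE.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text("\n".join(lines) + "\n")
    return root
def classify(line, host):
    """Return 'ignore', 'critical' or 'warn' for one syslog line from host."""
    if any(re.search(p, line) for p in IGNORE["common"] + IGNORE.get(host, [])):
        return "ignore"
    return "critical" if any(re.search(p, line) for p in CRITICAL) else "warn"
def dedup_key(line):
    """Drop the 15-char syslog timestamp and the PID so repeats of one problem collapse."""
    return re.sub(r"\[\d+\]", "[PID]", line[16:])
def report(root):
    """Walk root/<host>/<year>/<month>/<day>/<level> and tally deduplicated hits per host."""
    out = {}
    for path in sorted(Path(root).glob("*/*/*/*/*")):
        host = path.relative_to(root).parts[0]
        tally = out.setdefault(host, {"warn": Counter(), "critical": Counter()})
        for line in path.read_text().splitlines():
            level = classify(line, host)
            if level != "ignore":
                tally[level][dedup_key(line)] += 1
    return out
```

Running report(build_sample()) yields one host, "soja", with the two failed-login lines collapsed into a single critical entry counted twice and the su line reported once as a warning.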