Linode.com Forum

[sednet]

Whats the best way to monitor syslog data from around 50 linux machines? What do you use?

Ideally I'd like to specify a list of regular expressions of stuff to ignore and get told about everything else one a day.

[encode]

Admittedly I only monitor a few linux machines, but I find Logwatch to be quite effective.

Basically it parses the syslog data into a report, and emails it to a specified email address.

I guess reading 50 of those would quickly become tedious though, so it's probably not too much benefit in your situation.

[sednet]

encode wrote: Admittedly I only monitor a few linux machines, but I find Logwatch to be quite effective.

Basically it parses the syslog data into a report, and emails it to a specified email address.

I guess reading 50 of those would quickly become tedious though, so it's probably not too much benefit in your situation.

I looked at logwatch but didn't see how to make it do what I want. The problem seems to be that I don't know what I'm looking for, only what should be ignored.

[irgeek]

If the hosts are all on the same LAN (or all have very good Internet connectivity) you can have syslog on each host forward entries to a central monitoring host. You can then set up that central monitoring host to do daily log rotations and have a post-rotate script that parses the previous day's logs and emails you the results. The script to do the parsing should be pretty easy to write.

At least, that's how I'd do it.

--James

[zibeli]

irgeek wrote: If the hosts are all on the same LAN (or all have very good Internet connectivity) you can have syslog on each host forward entries to a central monitoring host. You can then set up that central monitoring host to do daily log rotations and have a post-rotate script that parses the previous day's logs and emails you the results. The script to do the parsing should be pretty easy to write.

At least, that's how I'd do it.

--James

And Code: grep -v -f regexlist centrallogfile might work as the script