From: Vincent Danen <vdanen@linsec.ca>
Subject: monitoring svlogd-produced logfiles
Date: Wed, 14 Jun 2006 17:35:08 -0600 [thread overview]
Message-ID: <20060614233508.GP898@annvix.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 1901 bytes --]
Quick question here... is anyone using anything like swatch or SEC to
parse/monitor svlogd-produced logfiles? I'm having some issues with
tail where it won't follow ./current when it rotates, which is causing
me some grief. I ended up solving it to some extent using the perl
File::Tail module with swatch, but I'm not overly satisfied with the
results, because swatch will now only let me monitor a single logfile
rather than two (my catchall log and the kernel log from socklog), and
on my loghost I need it to look at probably a dozen logs.
So I'm looking for a good alternative that properly follows ./current
(or reloads it on rotation) and can handle multiple logfiles.
There's a whole bunch of different programs out there so I'm hoping that
someone can share what they're using to save me some time. I'm
currently looking at SEC, and it seems quite powerful.
The other thing I was considering was to see if I could make svlogd
write to one end of a named pipe and have the log watcher on the end,
avoiding disk writes completely (and let the log watcher write
"summarized" logs). This would be a benefit when having two "*.*"
services, one writing the logs and the other writing them to the named
pipe. But I'm not sure if named pipes are exclusive, i.e. can I have
multiple svlogd processes writing to the same named pipe at the same
time?
Ideally, the log watcher should be able to run supervised as well
because although I'd like to watch it realtime (I like swatch's
colorized output), I'd like it to also write the "summary" log as well,
which would be retained for a longer period of time than the standard
logs.
Any suggestions?
Thanks in advance.
--
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
:: Annvix - Secure Linux Server: http://annvix.org/ ::
[-- Attachment #2: Type: application/pgp-signature, Size: 186 bytes --]
next reply other threads:[~2006-06-14 23:35 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-14 23:35 Vincent Danen [this message]
2006-06-14 23:40 ` Alex Efros
2006-06-16 11:03 ` George Georgalis
2006-06-16 11:08 ` Alex Efros
2006-06-16 13:18 ` George Georgalis
2006-06-16 19:08 ` Vincent Danen
2006-06-18 2:48 ` George Georgalis
2006-06-18 2:57 ` Alex Efros
2006-06-14 23:59 ` Alex Efros
2006-06-15 0:10 ` Vincent Danen
2006-06-15 0:25 ` Alex Efros
2006-06-15 3:32 ` Vincent Danen
2006-06-15 16:32 ` Vincent Danen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060614233508.GP898@annvix.org \
--to=vdanen@linsec.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).