logfile scraping

Carroll, Jim P [Contractor] jcarro10 at sprintspectrum.com
Thu Sep 26 23:22:07 CEST 2002


I just wanted to check with everyone regarding the way they're checking
logfiles for strings to be alerted on.  For example:

- check /var/adm/messages for 'panic'/'PANIC'/'Panic'
- check /var/adm/messages for 'err'/'ERR'/'Err'
- check /var/adm/messages for 'warn'/'WARN'/'Warn'

I've mentioned before that check_log doesn't work (for me) and that the
design seems inferior to the contributed Perl-based check_log2 script.  But
I'm open to suggestions.

What way are you sifting through logfiles?  Standard plugin?  Something you
wrote?  How reliable has it been?  Have you missed anything you should have
been alerted on?  Has your solution misbehaved, or has it been reasonably
robust?  If you did something which the average sysadmin wouldn't jump on,
but in retrospect seems particularly clever, share your approach and
reasoning.

I'd like to stay away from 3rd party utilities (eg, SWATCH) where possible.

I'm also interested in knowing whether you're scraping the logfiles on the
hosts themselves, or whether you opted for a central syslog host for
scraping, and the trials and tribulations and the "if I could do it over
again, I would (not) do it this way again" sort of feedback.

This doesn't seem to be a FAQ, but if I get some salient input, I'll gladly
cobble something together to be added to Ethan's FAQ page.  Logfile scraping
is (to me) an important way of capturing things that would otherwise slip
through the cracks.

If you elect to send your response directly to me (off-list), I'll summarize
early next week.

jc
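
One way to run the three checks listed in the message, as an added example that is not part of the original post and is not the check_log or check_log2 code. The function names, the state-file format, the severity mapping and the sample log lines are assumptions made for illustration.

```python
import os
import re
import tempfile

# Patterns from the post, matched case-insensitively. The severity mapping
# (Nagios exit codes 1=WARNING, 2=CRITICAL) is an assumption of this example.
PATTERNS = [(re.compile("panic", re.I), 2),
            (re.compile("err", re.I), 2),
            (re.compile("warn", re.I), 1)]

def scan_new_lines(log_path, state_path):
    """Scan only lines appended since the last run; return (exit_code, hits)."""
    st = os.stat(log_path)
    inode, offset = 0, 0
    if os.path.exists(state_path):
        with open(state_path) as fh:
            inode, offset = (int(x) for x in fh.read().split())
    # A new inode or a file shorter than the saved offset means the log was
    # rotated or truncated, so start again from the top.
    if inode != st.st_ino or st.st_size < offset:
        offset = 0
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    # Consume complete lines only; a half-written last line waits for the next run.
    end = data.rfind(b"\n") + 1
    worst, hits = 0, []
    for raw in data[:end].splitlines():
        line = raw.decode("utf-8", "replace")
        for rx, severity in PATTERNS:
            if rx.search(line):
                hits.append(line)
                worst = max(worst, severity)
                break
    with open(state_path, "w") as fh:
        fh.write(f"{st.st_ino} {offset + end}")
    return worst, hits

def demo():
    """Three runs over a constructed log (sample lines are made up)."""
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "messages"), os.path.join(d, "messages.state")
    with open(log, "w") as fh:
        fh.write("Sep 26 23:00:01 host1 unix: WARNING: /var is 91% full\n"
                 "Sep 26 23:00:05 host1 sshd[311]: session opened\n")
    first = scan_new_lines(log, state)
    second = scan_new_lines(log, state)  # nothing appended since first run
    with open(log, "a") as fh:
        fh.write("Sep 26 23:05:00 host1 unix: panic[cpu0]: sample\n")
    third = scan_new_lines(log, state)
    return first, second, third
```

Because the patterns are bare substrings, 'err' also matches words such as "interrupt" and "stderr". A truncated log that regrows past the saved offset before the next run is not detected by the size check.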

