Eventlog

White, Chad (MED) chad.white at med.ge.com
Thu Apr 3 03:27:43 CEST 2003


On Wednesday, April 2, 2003, at 01:43  PM, Russell Adams wrote:

<snip>
> Having used several log parsing packages, I found LogSentry was quite
> good, but it's now unavailable. Cisco bought Psionic Software
> (www.psionic.com) and all their software (LogSentry, PortSentry,
> HostSentry) is offline, though originally GPL'ed. :P

Actually, I just found out today that you can still get those packages.
The URL is now www.psionic.org.  I couldn't find it in a Google
search, but I just randomly tried changing the .com to .org and was
pleasantly surprised ;)


> About 8 months ago when I set up my central syslog host, I decided on
> syslog-ng with a multi-host directory hierarchy
> (/var/log/HOSTS/hostname/year/month/day/loglevel). I also evaluated
> Logmuncher at that time. I've found I prefer Logmuncher's flexibility
> with my setup. A minor modification to Logmuncher to support the
> multi-host directory hierarchy and I've used it ever since. It works
> much like LogSentry, having dictionaries of regexp statements that
> match patterns in syslog messages to ignore, warn about by default, or
> immediately notify the admin as critical. As it stands, I have a
> common dictionary across my hosts, and then host-specific dictionaries
> for ignore, warn, and critical. It sends email reports, and is
> configured to send critical emails to my pager via email. Logmuncher
> runs only on my central host at 5 minute intervals.
<snip>

What did you do to Logmuncher to allow for multiple hosts in separate
directories?  That is the situation I am facing as I am using syslog-ng
to centrally collect syslog for all my hosts.  What I would also really
like is something like LogSentry that will give me an overview of the
previous day's logs to review each day without a bunch of duplication.
LogSentry does a good job when running on each individual host but it
doesn't look easy to set up for multiple hosts on a logserver...

thx,
--chd
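
The setup discussed in this thread (common plus host-specific ignore/critical dictionaries applied to a /var/log/HOSTS/hostname/year/month/day/loglevel tree, with a de-duplicated daily overview) can be illustrated as follows. This is an added example, not Logmuncher or LogSentry code and not from either poster; the patterns, the host name `web01`, the syslog line prefix, and the choice to test critical patterns before ignore patterns are all assumptions.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed dictionaries: "common" applies to every host, other keys add
# host-specific patterns. Unmatched lines are reported as "warn".
RULES = {
    "common": {"critical": [r"kernel: .*Out of memory", r"authentication failure.*user=root"],
               "ignore": [r"CRON\[\d+\]: .*session (opened|closed)"]},
    "web01": {"ignore": [r"sshd\[\d+\]: Accepted publickey for deploy"]},
}
# Assumed line prefix: "Mon DD HH:MM:SS host "
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ")

def compile_rules(host):
    """Merge the common and host-specific patterns for each level."""
    return {level: [re.compile(p) for p in
                    RULES["common"].get(level, []) + RULES.get(host, {}).get(level, [])]
            for level in ("critical", "ignore")}

def classify(message, rules):
    """Critical is checked first so a broad ignore pattern cannot hide an alert."""
    if any(r.search(message) for r in rules["critical"]):
        return "critical"
    if any(r.search(message) for r in rules["ignore"]):
        return "ignore"
    return "warn"

def daily_report(root, year, month, day):
    """Read root/<host>/<year>/<month>/<day>/<loglevel>; return {host: {level: Counter}}."""
    report = {}
    for host_dir in sorted(Path(root).iterdir()):
        day_dir = host_dir / year / month / day
        if not day_dir.is_dir():
            continue
        rules = compile_rules(host_dir.name)
        counts = report.setdefault(host_dir.name, {"critical": Counter(), "warn": Counter()})
        for logfile in sorted(p for p in day_dir.iterdir() if p.is_file()):
            for line in logfile.read_text(errors="replace").splitlines():
                msg = PREFIX.sub("", line)
                level = classify(msg, rules)
                if level != "ignore":
                    # Replace digit runs so repeats differing only by PID/IP collapse
                    counts[level][re.sub(r"\d+", "N", msg)] += 1
    return report
```

Each host's counters give one line per distinct event with a repeat count, which is the "overview without a bunch of duplication" form; the critical counter is what would be routed to a pager.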

