See responses inline/below.
Micha vor dem Berge wrote:
Hi there,
I'm new to epylog and am struggling with some things right now.
Welcome to the epylog community! I've certainly struggled with some
things related to epylog.
<snip>
So, should we change all the default search-paths for the modules to fit
a modern linux system (let's say a debian lenny ;) )? And should we
likewise change the regex-patterns to work properly on such a system?
Just to give you an idea: the logins-module on debian lenny needs to
search in
files = /var/log/mail.log[.#], /var/log/syslog[.#], /var/log/auth.log[.#]
the 'original' epylog searches in
files = /var/log/messages[.#], /var/log/secure[.#]
which is completely different.
These 'original' epylog files are used on fedora/redhat systems. I'm
not familiar enough with BSD or the history of epylog to know why it's
set up that way. I also don't know how much log messages have changed,
but most of the core ones work well on our redhat installations (RHEL
3-5). I have created some new modules for yum, up2date, sudo, and
selinux, but logins and email work "out of the box".
Suggestions?
Find which log files are needed for each module, and update the conf
file in /etc/epylog/modules.d/. You should only have to do this once.
As to whether other log sources are included in epylog, I'll leave that
up to others. Using mail as an example, would there be a performance
hit (and if so, how much of one) to tell epylog to search for both
/var/log/mail.log[.#] and /var/log/maillog[.#]?
Jeremy
--
: Jeremy Kindy
: System Administrator
: Wake Forest University
: Red Hat Certified Engineer, RHEL5
:
: email - kindyjd(a)wfu.edu
: work - 336-758-3076
: cell - 336-782-8500
--