Logwatch replacement..

Ian Mortimer ian at physics.uq.edu.au
Mon Jan 10 04:07:16 UTC 2005


On Sun, 2005-01-09 at 08:29, Harry Putnam wrote:

> Saying it can be made to `report what you want' is quite a big
> exaggeration.

You can edit the existing filters to prune things you're not
interested in.  Not as simple as dropping a regex into a config
file but it's doable.

> Leaving the dates and times out of reported lines is really not what I
> want to see either.  Something logwatch does by default I guess.
> I can't imagine when that would ever be useful.

It's always useful.  The goal is to reduce the number of lines
you have to read.  By eliminating dates and times, logwatch can
just return a count of identical lines instead of returning
each line.

> Assuming logwatch
> actually reported something worth my attention, I'm almost certainly
> going to want to know EXACTLY when it happened.  And Exactly which log
> it was reported in.

logwatch tells you which log it was in by the header.  If there's
an entry needing attention you can go to that host and look for it
in the logs.

You could do what I did and write your own script to pull out the
information you want from whatever logs you're interested in.  
To get started try this:

   grep -vEf "$excl" /var/log/messages

(where $excl is a file of exclude patterns).

or without the v, grep with a file of include patterns.

Then you can just add patterns to the exclude/include file until
you're getting all and only the information you want.

   
-- 
Ian
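
The exclude-file approach from the message above, as an added example that is not part of the original post. It goes one step further than the message by collapsing repeated lines into a count while keeping the first and last timestamp. The function names (filter_log, summarize, demo), the log lines and the patterns are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# Print log lines that match none of the exclude patterns.
# $1 = exclude-pattern file (one ERE per line), $2 = log file
filter_log() {
    pats=$(mktemp) || return 1
    # A blank line is an empty regex that matches every line, so with -v it
    # would hide the whole log. Drop blank lines and '#' comments first.
    grep -vE '^[[:space:]]*(#|$)' "$1" > "$pats" || true
    grep -vEf "$pats" -- "$2" || true
    rm -f "$pats"
}

# Collapse repeats: count<TAB>first seen<TAB>last seen<TAB>message.
# Assumes the traditional 15-character syslog timestamp ("Jan  9 03:14:55").
summarize() {
    awk '{
        ts = substr($0, 1, 15); msg = substr($0, 17)
        sub(/\[[0-9]+\]:/, ":", msg)   # drop the PID so repeats compare equal
        if (!(msg in n)) { first[msg] = ts; order[++k] = msg }
        n[msg]++; last[msg] = ts
    }
    END {
        for (i = 1; i <= k; i++)
            printf "%d\t%s\t%s\t%s\n", n[order[i]], first[order[i]], last[order[i]], order[i]
    }'
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/messages" <<'EOF'
Jan  9 03:01:01 host1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Jan  9 03:14:55 host1 sshd[2301]: Invalid user admin from 192.0.2.10
Jan  9 03:15:02 host1 sshd[2304]: Invalid user admin from 192.0.2.10
Jan  9 03:20:00 host1 ntpd[801]: synchronized to 198.51.100.7, stratum 2
Jan  9 04:47:31 host1 sshd[2410]: Invalid user admin from 192.0.2.10
Jan  9 05:02:13 host1 kernel: EXT3-fs error (device hda1): journal aborted
EOF
    cat > "$dir/exclude" <<'EOF'
# routine noise
CRON\[[0-9]+\]: \(root\) CMD

ntpd\[[0-9]+\]: synchronized to
EOF
    filter_log "$dir/exclude" "$dir/messages" | summarize
    rm -rf "$dir"
}

demo
```

A plain `grep -vEf` on the same exclude file would print nothing, because the blank line in it matches every log line.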



