Re: [PLUG] 'logtail' Re: 'logcheck'

bergman on 14 Oct 2009 16:30:33 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] 'logtail' Re: 'logcheck'

From: bergman@merctech.com

To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: Re: [PLUG] 'logtail' Re: 'logcheck'

Date: Wed, 14 Oct 2009 19:30:26 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

In the message dated: Wed, 14 Oct 2009 15:01:01 PDT, The pithy ruminations from Edmond Rodriguez on <[PLUG] 'logtail' Re: 'logcheck'> were: => So logcheck has a nice little program included called logtail, which is very nice and simple for => tailing a log where you left off the last time you tailed it. While logtail keeps the inode nu => mber of the log, it does not seem to deal with the rotation of the file. Right. If I recall correctly, it also doesn't deal well if the file is truncated (but the inode doesn't change). => => Logcheck deals with the rotation of a log, and get the last lines of a rotated log along with th => e lines of a new log file, but is more complex if all the checking it does is not needed. It als => o has a learning curve. => => Logtail is just one simple program file (I think). It does not parse, but is simple. => => Am I missing something here? Is there a simple canned way to stay simple with logtail, but still => deal with the rotation. I guess I could look at the inode myself, and check to see if a new fi => le exists, then run logtail on the old inode with the recorded offset. Then run logtail again o => n the new file. I ran into the same thing in ~2005. I know that I wrote a work-around...it just took me a while to find it. :) I've attached a copy of "tailc". It's a simple perl script (which I'd probably write differently if I was doing it over again). Enjoy. Mark => => Just wanted to mention the program logtail, and also see if I am missing something simple here. => => Edmond => => => => ----- Original Message ---- => > From: JP Vossen <jp@jpsdomain.org> => > To: plug@lists.phillylinux.org => > Sent: Sunday, March 22, 2009 4:17:35 PM => > Subject: [PLUG] 'logcheck' => > => > I have said this before but I am a huge fan of the Debian/Ubuntu => > implementation of logcheck. I am also not aware of any other major => > distro that makes using logcheck so "built-in" and easy. => > => > If you run any kind of Debian/Ubuntu server, you really need to be using => > this. As soon as something bad or new happens, you get an email. It's => > like magic. => > => => ___________________________________________________________________________ => Philadelphia Linux Users Group -- http://www.phillylinux.org => Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce => General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug =>
Attachment: tailc
Description: tailc

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

[PLUG] logtail2 Re: 'logtail' Re: 'logcheck'
From: Edmond Rodriguez <erodrig_97@yahoo.com>

References:

[PLUG] 'logtail' Re: 'logcheck'
From: Edmond Rodriguez <erodrig_97@yahoo.com>

Prev by Date: Re: [PLUG] 'logtail' Re: 'logcheck'

Next by Date: [PLUG] logtail2 Re: 'logtail' Re: 'logcheck'

Previous by thread: Re: [PLUG] 'logtail' Re: 'logcheck'

Next by thread: [PLUG] logtail2 Re: 'logtail' Re: 'logcheck'

Index(es):

Date

Thread