Morgan Jones on 23 Mar 2011 13:49:53 -0700 |
Re: [PLUG] Is there a better name for... |
How is logcheck different from just using rsyslog to filter/sort as the logs come in? The obvious difference seems to be that logcheck seems to work on existing log files.. which could be good or bad.

-morgan

On Mar 23, 2011, at 4:23 PM, JP Vossen wrote:

> ...a "log check"?
>
> I've talked about this before, there is a package in Debian & Ubuntu, and a project site:
> * logcheck - mails anomalies in the system logfiles to the administrator
> * http://logcheck.org/
>
> The idea is simple at a high level and works really well, though there can be implementation gotchas.
>
> You take your logs, or output, or whatever and:
> 1) Remove stuff you recognize and don't care about
> 2) Find stuff you *know* is bad, but then remove stuff that only *looks* bad
> 3) Take the remainder
>
> So you end up with 2 buckets:
> A) Stuff you know is bad
> B) Stuff you don't recognize (so either it's bad or you tune it out)
>
> Then over time you tune your patterns (usually regular expressions) to reduce "B."
>
> This turns out to be really useful for log monitoring, or handling the output from long noisy processes (like compiles that don't set good exit codes).
>
> To the best of my knowledge [1], Marcus J. Ranum and Fred Avolio wrote the oldest implementation in this context with the 'frequentcheck.sh' script for TIS Gauntlet, circa early 1990's. But it seems like it should be a basic sort of "Computer Science" thing, related to filtering or something. So, can anyone think of a better name and/or older example for this process or concept?
>
> Thanks,
> JP
> ____________________
> Footnote:
> [1] http://logcheck.org/docs/README-psionic
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
> My Account, My Opinions     |=========|      http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
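
The three-step filter described in the quoted message, as an added example that is not part of the original thread and is not logcheck's own code: a POSIX shell function built on grep -E. The patterns, the log lines and the names logfilter and sample_log are constructed for illustration, and it assumes that lines excused in step 2 count as recognized and are dropped rather than reported.

```shell
#!/bin/sh
# Constructed pattern lists: one extended regex per line, as grep -f files would hold.
IGNORE='CRON\[[0-9]+\]: \(root\) CMD
ntpd\[[0-9]+\]: synchronized to '
BAD='Failed password
[Rr]efused
segfault'
LOOKS_BAD='sendmail\[[0-9]+\]: .*stat=Deferred: Connection refused'

# Read log lines on stdin; print bucket A (known bad), then bucket B (unrecognized).
logfilter() {
    tmp=$(mktemp) || return 2
    # Step 1: remove what we recognize and don't care about.
    # grep exits 1 when nothing is left over, which is not an error here.
    grep -E -v -e "$IGNORE" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 2; }
    # Step 2: known bad, minus lines that only look bad (assumption: those are dropped).
    grep -E -e "$BAD" "$tmp" | grep -E -v -e "$LOOKS_BAD" | sed 's/^/A: /'
    # Step 3: the remainder, i.e. lines that no pattern list recognized.
    grep -E -v -e "$BAD" "$tmp" | sed 's/^/B: /'
    rm -f "$tmp"
}

# Constructed sample log lines (addresses and hosts are documentation values).
sample_log() {
    printf '%s\n' \
        'Mar 23 04:00:01 host CRON[2211]: (root) CMD (run-parts /etc/cron.daily)' \
        'Mar 23 04:02:10 host sshd[2290]: Failed password for root from 192.0.2.10 port 4711 ssh2' \
        'Mar 23 04:03:30 host sendmail[2301]: p2N83U: to=a@example.org, stat=Deferred: Connection refused by mx.example.org.' \
        'Mar 23 04:05:12 host kernel: myapp[3012]: segfault at 0 ip 00000000 sp 00000000 error 4' \
        'Mar 23 04:07:45 host kernel: usb 1-1: new high-speed USB device number 4 using ehci_hcd'
}

sample_log | logfilter
```

Tuning means moving lines out of bucket B by adding a pattern to IGNORE or BAD; because step 1 runs first, an IGNORE pattern that is too broad hides lines before the BAD list ever sees them.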