Randall A Sindlinger on 23 Mar 2011 14:55:34 -0700
Re: [PLUG] Is there a better name for...

LogCop?

These names are already "taken" - BigBrother [1] and Sawmill [2].
Hmm, so is logcop, apparently [3]. And now that I bother checking, so is
Logsurfer [4,5] :-)

I dunno... what would make it a "better" name? Sexier, or more descriptive?

It looks like it's possible Todd Atkins of Stanford University may have
written swatch in the same time period as Ranum and Avolio [5].
TechRepublic reviewed logcheck and swatch in 2001 [6].

If you're tinkering with resurrecting the project, I might be interested in
contributing. (Though summer does tend to be a _*very*_ busy time for me.)

-Randall

[1] http://bb4.com/
[2] http://www.sawmill.net/
[3] http://code.google.com/p/logcop/
[4] http://www.crypt.gen.nz/logsurfer/
[5] http://logsurfer.sourceforge.net/
[6] http://www.techrepublic.com/article/default-installation-directories/1060690

On Wed, Mar 23, 2011 at 04:28:37PM -0400, Doug Stewart wrote:
> Logsurfer?
>
> On Wed, Mar 23, 2011 at 4:23 PM, JP Vossen <jp@jpsdomain.org> wrote:
> > ...a "log check"?
> >
> > I've talked about this before, there is a package in Debian & Ubuntu, and a
> > project site:
> > * logcheck - mails anomalies in the system logfiles to the administrator
> > * http://logcheck.org/
> >
> > The idea is simple at a high level and works really well, though there can
> > be implementation gotchas.
> >
> > You take your logs, or output, or whatever and:
> > 1) Remove stuff you recognize and don't care about
> > 2) Find stuff you *know* is bad, but then remove stuff that only *looks* bad
> > 3) Take the remainder
> >
> > So you end up with 2 buckets:
> > A) Stuff you know is bad
> > B) Stuff you don't recognize (so either it's bad or you tune it out)
> >
> > Then over time you tune your patterns (usually regular expressions) to
> > reduce "B."
> >
> > This turns out to be really useful for log monitoring, or handling the
> > output from long noisy processes (like compiles that don't set good exit
> > codes).
> >
> > To the best of my knowledge [1], Marcus J. Ranum and Fred Avolio wrote the
> > oldest implementation in this context with the 'frequentcheck.sh' script for
> > TIS Gauntlet, circa early 1990's. But it seems like it should be a basic
> > sort of "Computer Science" thing, related to filtering or something. So,
> > can anyone think of a better name and/or older example for this process or
> > concept?
> >
> >
> > Thanks,
> > JP
> > ____________________
> > Footnote:
> > [1] http://logcheck.org/docs/README-psionic
> > ----------------------------|:::======|-------------------------------
> > JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
> > My Account, My Opinions     |=========|      http://www.jpsdomain.org/
> > ----------------------------|=========|-------------------------------
> > "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> > software required to protect Windows from its own poorly designed and
> > implemented self, while the overhead incidentally flattens Moore's Law.
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --        http://www.phillylinux.org
> > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> >
>
>
> --
> -Doug
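
The three-step triage described in the quoted message, as an added example that is not part of the original thread and is not logcheck's own code. The patterns, the sample log lines and the function names are constructed for illustration, and it assumes that lines which only look bad are treated as recognized and dropped. It also handles one of the implementation gotchas with pattern lists: an empty pattern matches every line.

```shell
#!/bin/sh
# Added example: three-step log triage with grep -E.
# Patterns and log lines are constructed samples, not logcheck's shipped rules.

# Step 1: things you recognize and don't care about.
IGNORE='# routine noise
CRON\[[0-9]+\]: \(root\) CMD
sshd\[[0-9]+\]: Accepted publickey for backup

'
# Step 2: things you know are bad ...
BAD='[Ff]ailed
refused'
# ... minus things that only look bad.
BAD_IGNORE='ntpd\[[0-9]+\]: failed to resolve'

SAMPLE_LOG='Mar 23 04:00:01 host CRON[2101]: (root) CMD (run-parts /etc/cron.daily)
Mar 23 04:12:09 host sshd[2140]: Failed password for root from 192.0.2.10 port 50122 ssh2
Mar 23 04:13:30 host ntpd[811]: failed to resolve pool server, retrying
Mar 23 04:15:44 host kernel: usb 1-1: new high-speed USB device number 4
Mar 23 04:16:02 host sshd[2177]: Accepted publickey for backup from 192.0.2.20 port 40022 ssh2'

# Strip comments and blank lines from a pattern list. An empty pattern
# matches every line, so one stray blank line would silently empty bucket B.
clean() { printf '%s\n' "$1" | grep -v -e '^[[:space:]]*$' -e '^#' || true; }

# Keep or drop stdin lines matching a pattern list; an empty list matches nothing.
keep() {
    p=$(clean "$1")
    if [ -n "$p" ]; then grep -E -e "$p" || true; else cat >/dev/null; fi
}
drop() {
    p=$(clean "$1")
    if [ -n "$p" ]; then grep -E -v -e "$p" || true; else cat; fi
}

# Bucket A: known bad. Bucket B: the unrecognized remainder.
# Assumption: lines that only *look* bad count as recognized and are dropped.
bucket_a() { drop "$IGNORE" | keep "$BAD" | drop "$BAD_IGNORE"; }
bucket_b() { drop "$IGNORE" | drop "$BAD"; }

printf 'A) known bad:\n%s\n' "$(printf '%s\n' "$SAMPLE_LOG" | bucket_a)"
printf 'B) unrecognized:\n%s\n' "$(printf '%s\n' "$SAMPLE_LOG" | bucket_b)"
```

Tuning then means moving lines out of bucket B by adding a pattern to `IGNORE` or `BAD`, so that over time only new kinds of events show up there.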