[Gllug] log analysis
Russell Howe
rhowe at wiss.co.uk
Tue Sep 14 14:28:47 UTC 2004
On Wed, Sep 08, 2004 at 10:58:01PM +0100, Craig Millar wrote:
> Hi all,
> Was wondering if I could whip up a bash script and cron it to send me a
> weekly email of anything unusual it turns up in my logs. I do like to go
> through the logs from time to time and keep an eye out for anything
> untoward, i.e. intrusion attempts or anything glaringly wrong of which I
> should be aware.

I use logcheck, but it's rather basic - will look into logwatch which
others have suggested.

logcheck is just a list of regexes which are matched against a set of
log files using egrep.
There are lists of things to ignore and things to shout about.
It runs from cron, and emails all the relevant lines.

I even have the Windows boxen at work running NTsyslog to fire their
event logs to a syslog box, whereupon logcheck does the dirty.
Saves reading through that infernal event viewer!

--
Russell Howe | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
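
The approach described in the reply above (one regex list of lines to report, one of lines to ignore, both matched with egrep, output suitable for mailing from cron), as an added sketch that is not part of the original post and not logcheck's own code. The function names, pattern files and log lines are constructed for illustration.

```shell
#!/bin/sh
# Simplified logcheck-style filter (added sketch, not logcheck's own code).
# Pattern files and log lines below are constructed sample data.

# violations LOG PATTERNS: lines that must always be reported.
violations() {
    grep -E -f "$2" "$1" || true
}

# unusual LOG VIOLATION_PATTERNS IGNORE_PATTERNS: whatever is left once
# already-reported lines and known-noise lines have been filtered out.
unusual() {
    grep -E -v -f "$2" "$1" | grep -E -v -f "$3" || true
}

# report LOG VIOLATION_PATTERNS IGNORE_PATTERNS: body of the email;
# prints nothing at all when there is nothing to say.
report() {
    v=$(violations "$1" "$2")
    u=$(unusual "$1" "$2" "$3")
    if [ -n "$v" ]; then printf 'Security violations\n%s\n\n' "$v"; fi
    if [ -n "$u" ]; then printf 'Unusual system events\n%s\n' "$u"; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/messages" <<'EOF'
Sep 14 03:00:01 box CRON[411]: (root) CMD (run-parts /etc/cron.daily)
Sep 14 03:12:44 box sshd[502]: Failed password for root from 192.0.2.7 port 4021 ssh2
Sep 14 03:15:02 box named[220]: lame server resolving 'example.invalid'
Sep 14 03:20:19 box kernel: eth0: link down
Sep 14 03:21:50 box su[611]: FAILED su for root by craig
EOF
cat > "$work/violations" <<'EOF'
sshd\[[0-9]+\]: Failed password
su\[[0-9]+\]: FAILED su
EOF
cat > "$work/ignore" <<'EOF'
CRON\[[0-9]+\]: \(root\) CMD
named\[[0-9]+\]: lame server
EOF

report "$work/messages" "$work/violations" "$work/ignore"
# From cron, the same call would be piped to mail(1) instead of the terminal.
```

Lines that match neither list still show up under "Unusual system events", so a new kind of message is reported by default until someone decides it belongs in the ignore list.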