Linux Server Security (2nd Edition) [Electronic resources] - text version


Michael D. Bauer


12.6. Some Simple Log-Reporting Tools


Before we leave the topic of logging and log reporting, I should say just a few words about a less glamorous category of log tools: offline or non-real-time log reporters. The idea behind these is that periodically reviewing automatically excerpted parts of your logfiles, while not as good as monitoring things in real time, is better than nothing.

Log reporters run as cron jobs. At the appointed time, the reporter searches the designated logfiles for particular words or strings (specified in a configuration file or word list), gleans some simple system statistics by running commands such as df and free, and emails a handy report to root (or some other designated user).
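
As an added illustration (not code from the book, and not taken from logcheck, logwatch, or logdigest), the following shell script does what the paragraph above describes: it searches logfiles for the strings in a word list, appends df and free output, and mails the result to root. The script name, the word-list and log paths in the crontab comment, and the one-string-per-line word-list format are assumptions, and the mail command must be installed.

```shell
#!/bin/sh
# Added example: minimal offline log reporter, intended to be run from cron.
# Usage (hypothetical script name): logreport.sh WORDLIST LOGFILE...
# WORDLIST holds one literal search string per line; blank lines are ignored.

# excerpt_log LOGFILE WORDLIST: print every log line containing a listed word.
# -F matches fixed strings, so an entry like "su[" is not parsed as a regex.
# Blank lines are dropped first: an empty -F pattern would match every line.
excerpt_log() {
    grep -v '^$' "$2" | grep -i -F -f - -- "$1" || true  # no hits is not an error
}

# count_hits LOGFILE WORDLIST: print "COUNT<TAB>WORD" for each word, in list order.
count_hits() {
    while IFS= read -r word || [ -n "$word" ]; do
        [ -n "$word" ] || continue
        n=$(grep -i -c -F -e "$word" -- "$1" || true)
        printf '%s\t%s\n' "$n" "$word"
    done < "$2"
}

# build_report WORDLIST LOGFILE...: the full text of the report.
build_report() {
    words=$1; shift
    echo "Log report for $(uname -n), generated $(date)"
    for log in "$@"; do
        if [ ! -r "$log" ]; then echo "== $log: not readable"; continue; fi
        echo "== $log: hits per word";  count_hits "$log" "$words"
        echo "== $log: matching lines"; excerpt_log "$log" "$words"
    done
    echo "== disk usage (df -h)"; df -h
    echo "== memory (free -m)";   free -m
}

# Only send mail when called with arguments, e.g. from a crontab line such as
# (hypothetical paths):
#   30 6 * * * /usr/local/sbin/logreport.sh /etc/logreport.words /var/log/messages
if [ "$#" -ge 2 ]; then
    build_report "$@" | mail -s "Log report: $(uname -n)" root
fi
```

Keep the word list short and specific; every entry adds lines to a report that someone has to read each morning.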

Over the years, I've found these sorts of utilities to be a nice sanity check against other mechanisms. However, be forewarned: you won't learn about anything important in such a log report until well after the fact! Therefore, I recommend using log reporters in addition to, not instead of, real-time log-checkers such as Syslog-ng match() rules and Swatch.

SUSE's log reporting package is called logdigest; Debian's is called logcheck; Red Hat and Fedora use logwatch. See these tools' respective manpages for configuration and usage information.

