Log emailing script.

From: Matthew Schumacher <schu@schu.net>
Date: Tue Jul 19 2005 - 11:55:52 AKDT

List,

I wrote a quick and dirty log checking script that may be useful to
others so I thought I would post it:
http://www.aptalaska.net/~matt.s/logcheck/

The script is pretty simple, you define one or more groups that look
like this:

SEARCHNAME[0]="Warning"
SEARCHFILE[0]="/etc/search.warning.logcheck"
OMITFILE[0]="/etc/omit.warning.logcheck"
SEARCHLOGS[0]="/var/log/messages /var/log/maillog"
NOTIFYADDR[0]="sysadmin@domain.com"

Simply name the report, define a file with a list of search criteria
using grep syntax, one search item per line, another file with a list of
search criteria you wish to omit in the same format, the logs, and where
to email them.

This makes things handy because you can put 'root' in your
/etc/search.warning.logcheck file, but then 'sm-mta' in your
/etc/omit.warning.logcheck. This will email you when root is doing
something in the log, unless it's an email message.

I use this script to notify myself whenever cron is updated, or someone
logs in with ssh. I also look for various connection rate limiting that
I'm doing in sendmail.

*CAUTION* this script uses sendmail to send email, if you don't have
sendmail it's up to you to figure out what mail sending replacement your
MTA provides and how to make it work.

schu
---------
Received on Tue Jul 19 11:55:59 2005
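
The search-then-omit filtering described in the message, as an added example that is not the logcheck script from the post. The function names and the sample log lines are assumptions made for illustration; it also strips blank lines from the pattern files, because an empty grep pattern matches every line and a blank line in an omit file would suppress all reports.

```shell
#!/bin/sh
# Added example (not the logcheck script): search-then-omit filtering.
# Function names are hypothetical; the log lines below are constructed.

# Drop blank lines from a pattern file. An empty grep pattern matches every
# line, so one stray blank line in an omit file would silence every alert.
clean_patterns() {
    grep -v '^[[:space:]]*$' "$1" || true
}

# filter_group SEARCHFILE OMITFILE LOG...
# Prints log lines that match a search pattern and no omit pattern.
filter_group() {
    search_file=$1; omit_file=$2; shift 2
    tmp=$(mktemp -d) || return 1
    clean_patterns "$search_file" > "$tmp/search"
    clean_patterns "$omit_file" > "$tmp/omit"
    if [ ! -s "$tmp/search" ]; then
        :   # no usable search patterns: report nothing
    elif [ -s "$tmp/omit" ]; then
        grep -h -f "$tmp/search" -- "$@" | grep -v -f "$tmp/omit" || true
    else
        grep -h -f "$tmp/search" -- "$@" || true
    fi
    rm -rf "$tmp"
}

# Constructed sample: 'root' in the search file, 'sm-mta' in the omit file.
demo() {
    d=$(mktemp -d) || return 1
    printf 'root\n' > "$d/search"
    printf 'sm-mta\n\n' > "$d/omit"   # trailing blank line on purpose
    cat > "$d/messages" <<'EOF'
Jul 19 11:40:01 host crond[812]: (root) RELOAD (cron/root)
Jul 19 11:41:12 host sm-mta[901]: j6JJfC: from=<root@host>, size=512
Jul 19 11:42:30 host sshd[955]: Accepted password for root from 192.0.2.10
Jul 19 11:43:02 host sshd[960]: Accepted password for alice from 192.0.2.11
EOF
    filter_group "$d/search" "$d/omit" "$d/messages"
    rm -rf "$d"
}

demo
```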