[aklug] Re: Logs

From: Royce Williams <royce@tycho.org>
Date: Fri Dec 24 2010 - 08:24:03 AKST

Christopher Howard said, on 12/20/2010 05:58 PM:
> Just curious: How many of you guys out there actually read through your system/mail/whatever logs on a regular basis? Or do you use log analyzers? I'm talking about your personal PCs and servers, not the company server you administer.

Wouldn't leave home without it!

I have scripts that leave out very specific known/familiar log entries
and send me a summary of "interesting" log messages nightly.

Ease of maintenance is key. I have an alias called 'edaily' to edit the
script - to make it very easy to maintain. When I look at something in
the output and say to myself, "Well, that's fine and requires no
action," I add a regex to the script that matches that, so that I never
see it again.

Precision is also important. Overly-broad matching, and you miss stuff
of interest. Overly narrow, and you play whack-a-mole with log entries
almost exactly like it but that also require no action. The thought
exercise of determining the Goldilocks-grade "just right" middle ground
is often enlightening.

Royce
Received on Fri Dec 24 08:24:10 2010
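
The nightly filter described in the message above, as an added example that is not Royce's actual script: it drops lines matching a list of known-benign regexes and reports the rest, and it contrasts an overly broad ignore list with a precise one. The log lines, hostnames, user name and addresses are constructed sample data, and the function and variable names are hypothetical.

```python
import re

# Constructed sample syslog lines (not from the original post).
SAMPLE_LOG = """\
Dec 24 03:10:01 host CRON[2101]: (root) CMD (/usr/local/bin/backup.sh)
Dec 24 03:12:44 host sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Dec 24 03:15:09 host sshd[2250]: Accepted password for root from 203.0.113.77 port 41022 ssh2
Dec 24 03:20:31 host kernel: EXT4-fs error (device sda1): ext4_find_entry: reading directory
""".splitlines()

# Too broad: hides every successful sshd login, including the root password login.
TOO_BROAD = [r"CRON\[\d+\]: \(root\) CMD", r"sshd\[\d+\]: Accepted"]

# Precise: only the known job, and the known user, auth method and source address.
JUST_RIGHT = [
    r"CRON\[\d+\]: \(root\) CMD \(/usr/local/bin/backup\.sh\)$",
    r"sshd\[\d+\]: Accepted publickey for alice from 192\.0\.2\.10 port \d+ ssh2$",
]


def summarize(lines, ignore_patterns):
    """Return (interesting_lines, unused_patterns) for one nightly run."""
    compiled = [(p, re.compile(p)) for p in ignore_patterns]
    hits = {p: 0 for p in ignore_patterns}
    interesting = []
    for line in lines:
        for pattern, rx in compiled:
            if rx.search(line):
                hits[pattern] += 1
                break
        else:
            # No ignore rule matched, so this line goes into the summary.
            interesting.append(line)
    # Rules that never fire are candidates for pruning from the script.
    unused = [p for p, n in hits.items() if n == 0]
    return interesting, unused


if __name__ == "__main__":
    for name, rules in (("too broad", TOO_BROAD), ("just right", JUST_RIGHT)):
        kept, unused = summarize(SAMPLE_LOG, rules)
        print(f"== {name}: {len(kept)} interesting line(s), {len(unused)} unused rule(s)")
        for line in kept:
            print("  " + line)
```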
