| View previous topic :: View next topic |
| Author |
Message |
Art Vandalay
Guru
Joined: 16 Sep 2003
Posts: 335
Location: Melbourne - VIC
|
 Posted: Sun Sep 12, 2004 4:19 am Post subject: app to view logfiles |
 |
|
i was wondering what routine you guys use to go about checking your log files and in what particular order (if at all). do you manually comb each entry in var/log everyday or do you use a third party utilty to pick up only the interesting bits?
at the moment the only thing i can make heads or tails of are the entries in auth.log
in my redhat days a few years back i used a utiliy which would summarise points of interest in the log files and email them to me everyday, and another gui app which would open the log files and present them in a nice gui format, but for the life of me i can't remember what it was called.
_________________
I might not have morals...but at least I have standards |
|
| Back to top |
|
 |
Aurisor
Guru
Joined: 20 Sep 2003
Posts: 361
Location: Boston MA
|
| Posted: Sun Sep 12, 2004 4:45 am Post subject: Re: app to view logfiles |
|
|
| Art Vandalay wrote: | i was wondering what routine you guys use to go about checking your log files and in what particular order (if at all). do you manually comb each entry in var/log everyday or do you use a third party utilty to pick up only the interesting bits?
at the moment the only thing i can make heads or tails of are the entries in auth.log
in my redhat days a few years back i used a utiliy which would summarise points of interest in the log files and email them to me everyday, and another gui app which would open the log files and present them in a nice gui format, but for the life of me i can't remember what it was called. |
Hmm.... a few consoles open with tailf /var/log/whatever, and good ol' grep are good enough for me!  |
|
| Back to top |
|
|
Art Vandalay
Guru
Joined: 16 Sep 2003
Posts: 335
Location: Melbourne - VIC
|
| Posted: Sun Sep 12, 2004 4:51 am Post subject: Re: app to view logfiles |
|
|
| ishan wrote: |
Hmm.... a few consoles open with tailf /var/log/whatever, and good ol' grep are good enough for me! |
hmmm but my question is.....what are you grepping for? 
_________________
I might not have morals...but at least I have standards |
|
| Back to top |
|
|
Janne Pikkarainen
Veteran
Joined: 29 Jul 2003
Posts: 1143
Location: Helsinki, Finland
|
| Posted: Sun Sep 12, 2004 1:58 pm Post subject: |
|
|
Couple of handy tools:
- logwatch summarizes interesting events and e-mails them for you. I think logwatch is the same program which ships with Red Hat.
- Prelude watches for all kind of network and log events and the results can be seen via a nice web interface. There's even an installation manual for Prelude in Gentoo's web site.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.". |
|
| Back to top |
|
|
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1500
|
| Posted: Sun Sep 12, 2004 4:02 pm Post subject: |
|
|
Here is a what I do:
I run logcheck every hour which will grep through messages.. looking for keywords/signatures. You can also ignore keywords.. or certain catches too.
| Code: | | app-admin/logsentry |
I also like to run logwatch as mentioned...this runs every night and summarizes logs for you, etc.. it also shows additional info like disc space.
Tenshi is another great tool.. it can alert you 'real time' on certain flags.. like every FTP/SSH login failure... or certain snort alerts, etc. Tenshi alerts are mailed to you.. as soon as the event is triggered
hope this helps
hanji |
|
| Back to top |
|
|
|
Networking & Security
