[unisog] [Fwd: Re: OSS monitoring recommendations]

Jonathan Glass jonathan.glass at oit.gatech.edu
Fri Sep 30 15:44:14 GMT 2005


Michael Holstein wrote:
>>I've been doing my research and now I know that I might be needing a SIM
>>solution but I really would appreciate your advice on a good and solid
>>solution that meets these requirements at least.
> 
> 
> 1) syslog-ng on a unix box.
> 2) 'tail -f firewall.log |grep a.b.c.d'

Actually, you can write a simple script to grep for something, and 
have syslog-ng send a copy of the logs to that script, in addition to 
the log file.  That's real-time, buddy!  AND you don't have to worry 
about log rotation.

From http://www.campin.net/syslog-ng/faq.html#external_program

I have been trying syslog-ng and am extremely happy with the power of 
using it. I have one question: when using the program option under 
destination drivers, my Perl script gets launched when I start 
syslog-ng, but executes once and then dies. I am using this script to 
page any time I see a log entry, but it only runs once.

You can read log messages on your stdin, so instead of fetching a single 
line and exiting, keep reading your input like this:

#!/usr/bin/perl
use strict;
use warnings;
$| = 1;                       # unbuffered output, so each page goes out at once
while (my $line = <STDIN>) {  # keep looping: syslog-ng keeps writing to our stdin
         # send $line to pager
}

> 
> That's about as 'real-time' as anyone could ask for.
> 
> ~Mike.
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 
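The pattern described in this thread (syslog-ng's program() destination feeding a long-running filter that reads its stdin in a loop and alerts on one address), as an added example that is not part of the original message or the quoted FAQ. The script and the syslog-ng.conf fragment in its docstring are mine; the paths, the source and destination names, and the sample firewall lines are constructed for illustration. It also goes one step past the `grep a.b.c.d` one-liner: the match is anchored so that watching 192.0.2.10 does not also fire on 192.0.2.100, and the dots are escaped rather than treated as regex wildcards.

```python
#!/usr/bin/env python3
"""Long-running IP watcher for a syslog-ng program() destination.

syslog-ng starts the program once and keeps writing log lines to its
stdin for as long as it runs, so the script must loop over stdin rather
than read one line and exit.  Assumed syslog-ng.conf fragment (the
paths and the source/destination names are assumptions, not from the
original thread):

    destination d_watch { program("/usr/local/bin/watch_ip.py 192.0.2.10"); };
    log { source(s_net); destination(d_watch); };

The same script also works on the tail -f form from the thread:
    tail -f firewall.log | ./watch_ip.py 192.0.2.10
"""
import re
import sys

# Constructed sample firewall log lines (not real traffic).
SAMPLE_LOG = """\
Sep 30 15:40:01 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=22
Sep 30 15:40:02 fw1 kernel: ACCEPT IN=eth0 SRC=192.0.2.100 DST=203.0.113.5 PROTO=TCP DPT=80
Sep 30 15:40:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP DPT=53
Sep 30 15:40:04 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.1 DST=203.0.113.5 PROTO=TCP DPT=443
"""


def make_matcher(ip):
    """Return a predicate that is true only for lines containing exactly `ip`.

    A bare `grep a.b.c.d` treats each dot as a wildcard and matches any
    longer address that merely starts with the watched one.  Escaping the
    dots and refusing a digit on either side fixes both problems.
    """
    pattern = re.compile(r'(?<!\d)' + re.escape(ip) + r'(?!\d)')
    return lambda line: pattern.search(line) is not None


def naive_grep_count(lines, ip):
    """What `grep a.b.c.d` would count: substring match with '.' as wildcard."""
    pattern = re.compile(ip)          # dots left unescaped on purpose
    return sum(1 for line in lines if pattern.search(line))


def process_stream(lines, matcher, alert):
    """Consume every line from `lines`, call alert() on hits, return the hit count.

    `lines` may be sys.stdin: the loop only ends when the writer closes the
    pipe, which is what keeps the program alive under syslog-ng.
    """
    hits = 0
    for line in lines:
        line = line.rstrip('\n')
        if not line:
            continue
        if matcher(line):
            alert(line)
            hits += 1
    return hits


def main(argv):
    if len(argv) != 2:
        sys.exit("usage: watch_ip.py a.b.c.d")

    def alert(line):
        # Placeholder for the pager call.  flush=True so the alert leaves
        # the process immediately even when stdout is a pipe; a slow pager
        # here would back-pressure syslog-ng, so keep this call quick.
        print("ALERT:", line, flush=True)

    process_stream(sys.stdin, make_matcher(argv[1]), alert)


if __name__ == "__main__":
    main(sys.argv)
```

On the constructed sample, watching 192.0.2.10 yields two alerts (the DROP from it and the DNS query to it), whereas the unescaped substring count is three because 192.0.2.100 also matches. Whatever replaces the print in alert() should return quickly or hand off to a queue: syslog-ng writes into the script's stdin pipe, and a script that blocks on a paging call will eventually stall that pipe.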
