[TriLUG] Server Maintenance

Jeremy Portzer jeremyp at pobox.com
Fri Aug 1 10:50:57 EDT 2003


On Fri, 2003-08-01 at 10:44, Jon Carnes wrote:

> There are some dandy tools for doing log checking.  I diff my logs on
> remote servers (getting rid of the standard messaging cruft) and then
> just send the diffs as an email).  If I get information in these mails
> that I can ignore, then I go back to the server and adjust my diff
> filters. The filters are basically just a series of greps:
>     | grep -v 'phrase to ignore' /
> 
> Whatever is left over (if anything) is then mailed to me.
> 
> I also have certain trigger words that I scan the logs for every 10
> minutes to an hour. If one of the trigger phrases comes up, then I get
> an immediate notification.  An example would be someone logging into the
> server from an external ip address, or something as simple as:
>   grep error /var/log/messages
> 

To expand on this, the "logwatch" tool that comes with many Linux
distributions is a good way of automating this process easily.

In Red Hat Linux, for instance, simply installing the logwatch RPM will
cause email to be sent nightly with certain types of messages from the
logs, such as failed logins.  You can configure it to do all kinds of
stuff in /etc/log.d/ (see the documentation, usually found in
/usr/share/logwatch/, and the man page).

--Jeremy

-- 
/---------------------------------------------------------------------\
| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/
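The "diff the log, grep -v the cruft, grep for trigger words" procedure quoted above, as an added example. This is not Jon's or Jeremy's script and is not logwatch; the file names are assumptions and the log lines are constructed samples chosen to look like /var/log/messages.

```shell
#!/bin/sh
# Added example (not Jon's or Jeremy's scripts, and not logwatch): a minimal
# "diff the log, grep -v the cruft, grep for trigger words" pipeline.
# All file names below are assumptions; the log lines are constructed samples.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

LOG_OLD="$WORK/messages.yesterday"   # snapshot taken at the last run
LOG_NEW="$WORK/messages"             # the log as it looks now
IGNORE="$WORK/ignore.txt"            # one grep(1) pattern per line, each a "grep -v"
TRIGGERS="$WORK/triggers.txt"        # phrases that warrant an immediate mail

# Constructed sample: yesterday's snapshot of /var/log/messages.
cat > "$LOG_OLD" <<'EOF'
Aug  1 09:00:01 host CROND[1100]: (root) CMD (run-parts /etc/cron.hourly)
Aug  1 09:05:12 host sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Aug  1 09:10:30 host kernel: eth0: link is up
EOF

# Constructed sample: the same file now, with five lines appended since.
cat > "$LOG_NEW" <<'EOF'
Aug  1 09:00:01 host CROND[1100]: (root) CMD (run-parts /etc/cron.hourly)
Aug  1 09:05:12 host sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Aug  1 09:10:30 host kernel: eth0: link is up
Aug  1 10:00:01 host CROND[1234]: (root) CMD (run-parts /etc/cron.hourly)
Aug  1 10:43:55 host sshd[2240]: Failed password for root from 203.0.113.7 port 4022 ssh2
Aug  1 10:44:10 host sshd[2244]: Accepted password for bob from 198.51.100.9 port 4023 ssh2
Aug  1 10:45:00 host named[900]: error: client 203.0.113.7 query denied
Aug  1 10:46:02 host kernel: eth0: link is up
EOF

# Routine cruft: when a mail contains something ignorable, add a pattern here.
cat > "$IGNORE" <<'EOF'
CROND\[
link is up
EOF

# Trigger phrases for the frequent scan.
cat > "$TRIGGERS" <<'EOF'
Failed password
error
EOF

# new_lines OLD NEW: only the lines appended since the snapshot (the "diff").
# Plain diff output marks added lines with "> "; keep those and strip the marker.
new_lines() {
    diff "$1" "$2" | sed -n 's/^> //p'
}

# filter_noise IGNORE_FILE: the chain of "grep -v" filters, applied to stdin.
# "|| true" because grep exits 1 when nothing survives, which is the good case.
filter_noise() {
    grep -v -f "$1" || true
}

# scan_triggers TRIGGER_FILE: keep only lines containing a trigger phrase.
scan_triggers() {
    grep -i -f "$1" || true
}

# external_logins: successful sshd logins whose source is not loopback or an
# RFC 1918 address (the "login from an external IP" trigger), read from stdin.
external_logins() {
    grep 'sshd\[[0-9]*\]: Accepted ' \
        | grep -E -v ' from (127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' \
        || true
}

# daily_report OLD NEW IGNORE: what the nightly mail would contain.
daily_report() {
    new_lines "$1" "$2" | filter_noise "$3"
}

# immediate_alerts OLD NEW TRIGGERS: what the 10-minute cron job would mail.
immediate_alerts() {
    new_lines "$1" "$2" | scan_triggers "$3"
}

# Stand-alone run: print what each job would mail.
echo "== nightly report =="
daily_report "$LOG_OLD" "$LOG_NEW" "$IGNORE"
echo "== immediate alerts =="
immediate_alerts "$LOG_OLD" "$LOG_NEW" "$TRIGGERS"
echo "== external logins (whole log) =="
external_logins < "$LOG_NEW"
# In a real cron job you would pipe each report to mail(1) when non-empty and
# then rotate the snapshot:  cp "$LOG_NEW" "$LOG_OLD"
```

Two caveats a practitioner would want: the snapshot diff assumes the log only grows, so on the night logrotate runs every line shows up as new (compare against the rotated file, or key on line count, on that run); and the filters run on the machine being watched, so anyone who gets root there can edit the log before the job sees it, which is the reason to ship the mails or the logs themselves to a separate host.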