[plug] tail -f /var/log/messages

Colin Muller colin at durbanet.co.za
Tue May 30 19:01:06 WST 2000


> On Tue, May 30, 2000 at 09:18:34AM +0800, Earnshaw, Mike wrote:
> > I am trying to monitor the /var/log/messages file in a quick smart

Along with the other useful suggestions, you may want to try something
like logdog:
http://marvin.criadvantage.com/caspian/Software/LogDog/default.php

It's a Perl script which monitors any files you name for certain words
(or partial words) at an interval you specify (default 30 secs) and
sends you mail with the relevant log entry if those words occur. It
keeps track of the time so it doesn't give you duplicate warnings. It
can also ignore these words in certain types of entries if you want. It
comes with an install script (read the instructions on completion of the
script as well) and a pretty sensible default word list (which you can
alter). There are other similar programs - you could search on Freshmeat
for log monitor or something similar. Logdog runs as a daemon and takes
up the usual Perl amount of memory - 1.5 to 2MB.

There was one glitch in the logdog install script - it didn't set up the
ignore part properly. If you use it and encounter this (and can't fix
it), give me a shout and I'll let you know how to sort it out.

As with any such solution, it could theoretically be circumvented by
someone quick enough to find and kill it before it reported an
intrusion; but they'd have to be quick.

-Colin
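
The kind of polling keyword watch this message describes, as an added example that is not part of the original post and is not logdog's code. It remembers a byte offset and inode rather than the time, so each entry is reported once and a rotated or truncated log is rescanned from the start; mail delivery is left out. The name scan_new, the keyword list and the ignore pattern are assumptions constructed for illustration.

```python
import os
import re

# Constructed defaults for illustration; not logdog's own word list.
KEYWORDS = ["fail", "refused", "denied", "su:"]
IGNORE = [re.compile(r"CRON\[\d+\]")]  # entry types whose matches are skipped


def scan_new(path, state, keywords=KEYWORDS, ignore=IGNORE):
    """Return log lines appended since the last call that contain a keyword.

    `state` is a dict holding the inode and byte offset already scanned, so
    an entry is reported once. Rotation or truncation restarts from byte 0.
    """
    st = os.stat(path)
    if state.get("inode") != st.st_ino or st.st_size < state.get("offset", 0):
        state["inode"], state["offset"] = st.st_ino, 0
    hits = []
    with open(path, "rb") as fh:
        fh.seek(state["offset"])
        while True:
            pos = fh.tell()
            raw = fh.readline()
            if not raw.endswith(b"\n"):
                # EOF or a half-written entry: re-read it on the next pass.
                state["offset"] = pos
                break
            line = raw.decode("utf-8", "replace").rstrip("\n")
            lowered = line.lower()
            if any(k.lower() in lowered for k in keywords) and not any(
                rx.search(line) for rx in ignore
            ):
                hits.append(line)
    return hits


if __name__ == "__main__":
    import time

    state = {}  # empty state: the first pass scans the whole existing file
    while True:
        for entry in scan_new("/var/log/messages", state):
            print(entry)  # a daemon would mail this instead
        time.sleep(30)  # the interval the post gives as logdog's default
```

Because the state lives only in memory, a restart rescans the file from the beginning; writing the dict to disk between passes would avoid repeat reports.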


