If you happen to use the GUI, there's a log viewer in the suse installer list called xlogmaster. Its REALLY easy to use and it can highlight as well as pop up/alert you when a string you specify matches the logs, by default it'll look at /var/log/messages but you can add other logs/files such as vsftpd's log. It also has hd usage, memory, and other critical stats at the click of a mouse. I highly recommend it. Happy St. Patrick's day Matt ..Beer in a bottle? Brilliant!!! -----Original Message----- From: Manuel Balderrábano [mailto:garibolo@wanadoo.es] Sent: Wednesday, March 17, 2004 7:54 AM To: suse-security@suse.com Subject: Re: [suse-security] Log Viewers Hello. I have been using logdigest and scanlogd for a while in a SuSE 8.2, but it seems not to be avaliable for SuSE 9.0! Anybody knows about this? Regards. El Jueves, 11 de Marzo de 2004 17:54, Andreas Wagner escribió:
Hello Eric, hello list,
* Eric Kahklen wrote on Mar/11/2004:
I am looking for the easiest package that works well with SuSE to parse logs. I'd like to keep track of the typical logs as well as logs for Postfix and Squid. Can anyone recommend some good packages and possible
"how tos" for setting it up? My eyes are getting rather tired of walking
through each file manually.
Thanks,
Eric
I am using logdigest [1]
configuration files are as follows:
- /etc/logdigest/config: LOGFILES="/var/log/messages /var/log/mail /var/log/firewall" SYSADMIN=root EXTENDED_STATS=yes
- /etc/logdigest/alarming.local: alert:
- /etc/logdigest/ignore.local: Inspecting /boot/System.map-2\.4\.18-4GB Symbol version prefix Virus Scanner will process message spamd\[.*\]: identified spam
etc. Remember that these are regex's. this is the bit that needs some tuning. My ignore.local has some 3kb... I am not sure how well this will handle squid logs, but I am very satisfied with how it handles postfix, iptables, cron and other standard logs.
[1] http://www.suse.de/en/private/products/suse_linux/i386/packages_professional /logdigest.html
HTHH, Andreas
-- Science is everything we understand well enough to explain to a computer. Art is everything else. - David Knuth
-- My Public PGP Keys: 1024 Bit DH/DSS: 0x869F81BA 768 Bit RSA: 0x1AD97BA5
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- ---------------------------------------------------------------------------- ----- Manuel Balderrábano e-mail: garibolo@wanadoo.es ---------------------------------------------------------------------------- ----- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
We have also resurrected xlogmaster. I'm now the maintainer and we will be looking for enhancements etc. Feel free to e-mail etc. Xlogmaster is GPL and part of the GNU project.
What I need is a tool like logdigest, so that I can include a cron job in every server to send me a mail and therefore beeing much easier checking logs... Since most of them don't have an X system installed, I cannot use xlogmaster. I am trying what Tony Stohne suggested, that is installing logdigest from: http://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.0-i386/RPMS.base/logdigest-0.1.... Thaks to all El Miércoles, 17 de Marzo de 2004 15:11, Matt Bohall escribió:
If you happen to use the GUI, there's a log viewer in the suse installer list called xlogmaster. Its REALLY easy to use and it can highlight as well as pop up/alert you when a string you specify matches the logs, by default it'll look at /var/log/messages but you can add other logs/files such as vsftpd's log. It also has hd usage, memory, and other critical stats at the click of a mouse. I highly recommend it.
Happy St. Patrick's day
Matt
..Beer in a bottle? Brilliant!!!
-----Original Message----- From: Manuel Balderrábano [mailto:garibolo@wanadoo.es] Sent: Wednesday, March 17, 2004 7:54 AM To: suse-security@suse.com Subject: Re: [suse-security] Log Viewers
Hello.
I have been using logdigest and scanlogd for a while in a SuSE 8.2, but it seems not to be avaliable for SuSE 9.0!
Anybody knows about this?
Regards.
El Jueves, 11 de Marzo de 2004 17:54, Andreas Wagner escribió:
Hello Eric, hello list,
* Eric Kahklen wrote on Mar/11/2004:
I am looking for the easiest package that works well with SuSE to parse logs. I'd like to keep track of the typical logs as well as logs for Postfix and Squid. Can anyone recommend some good packages and possible
"how tos" for setting it up? My eyes are getting rather tired of walking
through each file manually.
Thanks,
Eric
I am using logdigest [1]
configuration files are as follows:
- /etc/logdigest/config: LOGFILES="/var/log/messages /var/log/mail /var/log/firewall" SYSADMIN=root EXTENDED_STATS=yes
- /etc/logdigest/alarming.local: alert:
- /etc/logdigest/ignore.local: Inspecting /boot/System.map-2\.4\.18-4GB Symbol version prefix Virus Scanner will process message spamd\[.*\]: identified spam
etc. Remember that these are regex's. this is the bit that needs some tuning. My ignore.local has some 3kb... I am not sure how well this will handle squid logs, but I am very satisfied with how it handles postfix, iptables, cron and other standard logs.
[1] http://www.suse.de/en/private/products/suse_linux/i386/packages_professional /logdigest.html
HTHH, Andreas
-- Science is everything we understand well enough to explain to a computer. Art is everything else. - David Knuth
-- My Public PGP Keys: 1024 Bit DH/DSS: 0x869F81BA 768 Bit RSA: 0x1AD97BA5
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- ---------------------------------------------------------------------------- ----- Manuel Balderrábano
e-mail: garibolo@wanadoo.es ---------------------------------------------------------------------------- -----
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- --------------------------------------------------------------------------------- Manuel Balderrábano e-mail: garibolo@wanadoo.es ---------------------------------------------------------------------------------
logwatch does that. Nightly run in cron, looks over the logs and points out anything odd, an output of df and list of users who logged in. I believe it comes on the SuSE dvd, too. In the noarch area, since it's a perl script... Quoting Manuel Balderrábano <garibolo@wanadoo.es>:
What I need is a tool like logdigest, so that I can include a cron job in every server to send me a mail and therefore beeing much easier checking logs... Since most of them don't have an X system installed, I cannot use xlogmaster.
I am trying what Tony Stohne suggested, that is installing logdigest from:
http://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.0-i386/RPMS.base/logdigest-0.1....
Thaks to all
If you happen to use the GUI, there's a log viewer in the suse installer list called xlogmaster. Its REALLY easy to use and it can highlight as well as pop up/alert you when a string you specify matches the logs, by default it'll look at /var/log/messages but you can add other logs/files such as vsftpd's log. It also has hd usage, memory, and other critical stats at
click of a mouse. I highly recommend it.
Happy St. Patrick's day
Matt
..Beer in a bottle? Brilliant!!!
-----Original Message----- From: Manuel Balderrábano [mailto:garibolo@wanadoo.es] Sent: Wednesday, March 17, 2004 7:54 AM To: suse-security@suse.com Subject: Re: [suse-security] Log Viewers
Hello.
I have been using logdigest and scanlogd for a while in a SuSE 8.2, but it seems not to be avaliable for SuSE 9.0!
Anybody knows about this?
Regards.
El Jueves, 11 de Marzo de 2004 17:54, Andreas Wagner escribió:
Hello Eric, hello list,
* Eric Kahklen wrote on Mar/11/2004:
I am looking for the easiest package that works well with SuSE to parse logs. I'd like to keep track of the typical logs as well as logs for Postfix and Squid. Can anyone recommend some good packages and
El Miércoles, 17 de Marzo de 2004 15:11, Matt Bohall escribió: the possible
"how tos" for setting it up? My eyes are getting rather tired of
walking
through each file manually.
Thanks,
Eric
I am using logdigest [1]
configuration files are as follows:
- /etc/logdigest/config: LOGFILES="/var/log/messages /var/log/mail /var/log/firewall" SYSADMIN=root EXTENDED_STATS=yes
- /etc/logdigest/alarming.local: alert:
- /etc/logdigest/ignore.local: Inspecting /boot/System.map-2\.4\.18-4GB Symbol version prefix Virus Scanner will process message spamd\[.*\]: identified spam
etc. Remember that these are regex's. this is the bit that needs some tuning. My ignore.local has some 3kb... I am not sure how well this will handle squid logs, but I am very satisfied with how it handles postfix, iptables, cron and other standard logs.
[1]
http://www.suse.de/en/private/products/suse_linux/i386/packages_professional
/logdigest.html
HTHH, Andreas
-- Science is everything we understand well enough to explain to a computer. Art is everything else. - David Knuth
-- My Public PGP Keys: 1024 Bit DH/DSS: 0x869F81BA 768 Bit RSA: 0x1AD97BA5
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--
----------------------------------------------------------------------------
----- Manuel Balderrábano
e-mail: garibolo@wanadoo.es
----------------------------------------------------------------------------
-----
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--
---------------------------------------------------------------------------------
Manuel Balderrábano
e-mail: garibolo@wanadoo.es
---------------------------------------------------------------------------------
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (4)
-
John S. Gaythorpe -
Manuel Balderrábano -
Matt Bohall -
suse@rio.vg