It's not a bug, it's a feature...

Wed, 27 Dec 2006

Still drowning in log files...

...But at least they don't taste so bad.

Like most sysadmins, I spend a fair bit of time reading log files. These come from roughly 3 dozen servers and a few hundred workstations. There's some helpful software out there (notably logcheck), but there's still a lot to read. Logcheck works by excluding certain patterns from log files, and mailing the rest of the content to the admin. The more time one spends tuning the logcheck database, the easier it gets to read the rest.

One thing I've always wished logcheck could do was use some sort of threshold system. There are many messages that, if they only happen once, are no big deal and can be ignored. If they happen many times, however, they are quite important. Logcheck doesn't have a mechanism for dealing with this sort of thing. So I suffer through a bunch more messages than I really need to.

There are a number of other log analyzers that I'd like to investigate, some as a supplement to logcheck, and others as a replacement. splunk and logwatch are a couple of them. I use logwatch on a machine at home, and it generates decent summaries of logfiles. I've tried it here at the lab, though, and it doesn't seem to work well in an environment where it runs on a machine that is an aggregation point for logs from many machines.
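The threshold idea above, sketched as an added example (not code from this blog or from logcheck): lines matching an ignore pattern are dropped as logcheck does, unmatched lines are reported, and lines matching a threshold rule are reported only as a per-host summary once their count reaches the limit. The patterns, limits and sample syslog lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed rules (assumptions): logcheck-style ignore patterns, plus
# threshold rules of the form (pattern, minimum count per host per batch).
IGNORE = [re.compile(r"CRON\[\d+\]: \(root\) CMD ")]
THRESHOLDS = [
    (re.compile(r"sshd\[\d+\]: Failed password for "), 3),
    (re.compile(r"kernel: .*I/O error"), 2),
]
# Traditional syslog layout on an aggregation host: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<msg>.*)$")

# Constructed sample input, as collected from several machines.
SAMPLE = [
    "Dec 27 03:00:01 web1 CRON[811]: (root) CMD (run-parts /etc/cron.hourly)",
    "Dec 27 03:01:10 web1 sshd[902]: Failed password for root from 192.0.2.7 port 4022 ssh2",
    "Dec 27 03:01:12 db1 sshd[440]: Failed password for admin from 192.0.2.7 port 4030 ssh2",
    "Dec 27 03:01:13 db1 sshd[441]: Failed password for admin from 192.0.2.7 port 4031 ssh2",
    "Dec 27 03:01:15 db1 sshd[442]: Failed password for admin from 192.0.2.7 port 4032 ssh2",
    "Dec 27 03:02:00 db1 kernel: sda: I/O error, dev sda, sector 1024",
    "Dec 27 03:05:44 web1 su[1200]: FAILED su for root by alice",
]

def review(lines):
    """Return (lines to mail as-is, threshold summaries) for one batch."""
    report, counts, first = [], Counter(), {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            report.append(line)          # unparseable input is never hidden
            continue
        host, msg = m["host"], m["msg"]
        if any(p.search(msg) for p in IGNORE):
            continue                     # known noise, dropped outright
        for idx, (pat, _) in enumerate(THRESHOLDS):
            if pat.search(msg):
                counts[(host, idx)] += 1  # counted per originating host
                first.setdefault((host, idx), line)
                break
        else:
            report.append(line)          # matched no rule: mail it
    summaries = []
    for (host, idx), n in sorted(counts.items()):
        pat, limit = THRESHOLDS[idx]
        if n >= limit:                   # below the limit stays silent
            summaries.append(f"{host}: {n} matches of /{pat.pattern}/, first: {first[(host, idx)]}")
    return report, summaries
```

Calling `review(SAMPLE)` reports the `su` failure verbatim and one summary for `db1`, while the single failed login on `web1` and the single I/O error stay below their limits.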

Captchas enabled

Damn the spammers. I've been forced to enable captchas in an effort to combat spam on this blog. It's amazing how persistent the spammers are at finding and spamming blogs, even very obscure blogs based on relatively obscure software. It was sort of interesting to watch how the spammers probed the blog. They found it and posted a couple of individual comments the first few times, which I removed fairly quickly. Then, suddenly, several days after the first spam events, they appear to have automated the posting process, and flooded the blog with several hundred spams.


Work blog by Noah Meyerhans is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.