Wed, 27 Dec 2006

Still drowning in log files...

...But at least they don't taste so bad.

Like most sysadmins, I spend a fair bit of time reading log files. These come from roughly 3 dozen servers and a few hundred workstations. There's some helpful software out there (notably logcheck), but there's still a lot to read. Logcheck works by excluding certain patterns from log files, and mailing the rest of the content to the admin. The more time one spends tuning the logcheck database, the easier it gets to read the rest.

One thing I've always wished logcheck could do was use some sort of threshold system. There are many messages that, if they only happen once, are no big deal and can be ignored. If they happen many times, however, they are quite important. Logcheck doesn't have a mechanism for dealing with this sort of thing. So I suffer through a bunch more messages than I really need to.
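A minimal threshold-aware filter of the kind wished for above, written as an added example (not code from the post or from logcheck itself): the sample syslog lines, the ignore pattern and the threshold rule are constructed for illustration. Messages matching an ignore pattern are dropped, messages matching a threshold rule are normalised and counted per host, and everything else passes through as logcheck would mail it.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses, no real hosts).
SAMPLE_LOG = """\
Dec 27 10:01:02 host1 sshd[1234]: Failed password for invalid user test from 192.0.2.10 port 4022 ssh2
Dec 27 10:01:05 host1 sshd[1235]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Dec 27 10:01:09 host1 sshd[1236]: Failed password for invalid user guest from 192.0.2.10 port 4024 ssh2
Dec 27 10:02:00 host2 sshd[2001]: Failed password for invalid user oracle from 198.51.100.7 port 5000 ssh2
Dec 27 10:03:00 host1 cron[300]: (root) CMD (run-parts /etc/cron.hourly)
Dec 27 10:04:00 host2 kernel: eth0: link up
"""

# Patterns a logcheck-style ignore database would drop unconditionally.
IGNORE = [re.compile(r"cron\[\d+\]: \(root\) CMD ")]

# Threshold rules (assumed format): (pattern, minimum count). A matching
# message is reported only once its normalised form has fired that often.
THRESHOLDS = [
    (re.compile(r"sshd\[\d+\]: Failed password for invalid user"), 3),
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def normalise(msg):
    """Collapse PIDs, usernames and ports so repeats count under one key."""
    msg = re.sub(r"\[\d+\]", "[PID]", msg)
    msg = re.sub(r"invalid user \S+", "invalid user USER", msg)
    msg = re.sub(r"port \d+", "port N", msg)
    return msg

def triage(text):
    """Return (report_lines, suppressed_count): unmatched lines pass through,
    thresholded messages become one summary line per (host, key) that met
    its minimum, and counts below the minimum are only tallied."""
    passthrough, counts, suppressed = [], Counter(), 0
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        msg = m.group("msg") if m else line
        if m and any(p.search(msg) for p in IGNORE):
            continue
        rule = next(((p, n) for p, n in THRESHOLDS if p.search(msg)), None)
        if not m or rule is None:
            passthrough.append(line)
            continue
        counts[(m.group("host"), normalise(msg), rule[1])] += 1
    summaries = []
    for (host, key, minimum), n in sorted(counts.items()):
        if n >= minimum:
            summaries.append(f"{host}: {n}x {key}")
        else:
            suppressed += n
    return passthrough + summaries, suppressed
```

On the sample above, the three failures against host1 from one source are reported as a single summary line, the lone failure against host2 is suppressed, and the cron line never reaches the admin.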

There are a number of other log analyzers that I'd like to investigate, some as a supplement to logcheck and others as a replacement. splunk and logwatch are a couple of them. I use logwatch on a machine at home, and it generates decent summaries of logfiles. I've tried it here at the lab, though, and it doesn't seem to work well when it runs on a machine that is an aggregation point for logs from many other machines.
