On Tue, 2004-06-15 at 10:22, Kern, Tom wrote: > I have a linux syslog server set up to centralize logging of all event viewer > messages on my (30) Win2k servers via the Eventlog to Syslog utility. > My question to the group now is, how do you guys typically deal with all that info? > do you parse it with a perl script for errors and ignore the rest or have an email > generated when a critical error occurs or just(god forbid) go thru them all each > morning. > I'm the only admin here and dealing with 30 server's logs can really eat a huge > chunk of my day. is ther a better cheap(free) way to optimize this?
I have the windows servers logging to a linux box running syslog-ng, which allows for some very nice filtering at the syslog level. So right off the bat each server has its own log file. Then I'm writing a perl script that walks through each server's logfile and parses it for different level issues, ERROR, WARNING, and INFO. These then form the basis of "reports" that are emailed out periodically.
signature.asc
Description: This is a digitally signed message part
