There hasn't been any code posted here in eons, so I will contribute some of my latest project. Everyone should review the logs on all of their systems, but few do. Logcheck used to be a great tool for this, but it seems to have fallen into disuse and is no longer maintained. There is a Debian package which seems to be maintained, but it is way more complicated than it needs to be. RedHat comes with something called logwatch, but it tries to do way too much interpretation and summarizing (telling you how many emails were sent, how many bounces, how many people logged in), which I usually do not care about. I just want to see if anything unusual happened. Even swatch seems to be a little more complicated than it should be, and it doesn't have a feature I have always wanted: macros which make the regex easier to deal with.
So I wrote LOLLERSKATES. It is simple, easy to configure, and has macros so I can fully match a proper IP address without having to always type in that huge regex which matches IPs.

TODO list: Keep track of regexes which have not matched in, say, over a month, and warn about them since they are uselessly cluttering the config. Unit tests? It's already written, so I don't know if that would serve much point. I'm not sure how I would have implemented unit tests to begin with. Comments and critiques are welcome.

To use it to monitor your logfiles, download the tarball, explode it somewhere reasonable like /usr/local/lollerskates, and configure lollerskates_config.py with the logfiles you want to monitor, where you want results emailed to, etc. You will have to create the dir where it keeps its state files. Then cron it to run every hour or day or whatever suits your fancy. I run it hourly. Then you can progressively add regexes to the ignore.conf file for stuff you don't want to see anymore.

Download it from: http://ultraviolet.org/Members/treed/lollerskates/

Upcoming projects which I will post code for: A new remote agent for nagios and a set of plugins which will monitor many things and report back to nagios. Eventually with rrdtool integration so we can graph cool stuff. Potentially some Xen cluster management software.

--
Tracy R Reed http://ultraviolet.org

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
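The macro-and-ignore-list approach described in the post, as an added example that is not LOLLERSKATES code and not from its author: ignore rules are expanded through a macro table, log lines matching no rule are reported, and rules that never matched are listed (the TODO item). The `@NAME@` macro syntax, the macro names, the rules and the log lines are all assumptions constructed for illustration.

```python
import re

# Hypothetical macro table; the @NAME@ syntax is an assumption of this example.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
MACROS = {
    "IP": rf"(?<![\d.]){OCTET}(?:\.{OCTET}){{3}}(?![\d.])",  # strict dotted quad
    "PID": r"\[\d+\]",
    "STAMP": r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d",        # syslog timestamp
}

def compile_ignores(lines):
    """Expand macros and compile every non-comment rule of an ignore file."""
    rules = []
    for raw in lines:
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        # An unknown macro raises KeyError, so a typo in the config fails loudly.
        expanded = re.sub(r"@(\w+)@", lambda m: MACROS[m.group(1)], rule)
        rules.append((rule, re.compile(expanded)))
    return rules

def review(log_lines, rules):
    """Return (lines no rule ignored, rules that matched nothing)."""
    hits = {rule: 0 for rule, _ in rules}
    unusual = []
    for line in log_lines:
        for rule, rx in rules:
            if rx.search(line):
                hits[rule] += 1
                break
        else:
            unusual.append(line)  # nothing ignored it: worth a human look
    return unusual, [rule for rule, n in hits.items() if n == 0]

# Constructed sample ignore rules and log lines (not real data).
IGNORE = r"""
^@STAMP@ \S+ sshd@PID@: Accepted publickey for \w+ from @IP@ port \d+
^@STAMP@ \S+ CRON@PID@: \(root\) CMD
^@STAMP@ \S+ ntpd@PID@: synchronized to @IP@
""".splitlines()
LOG = [
    "Mar  3 04:00:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 04:12:47 web1 sshd[2290]: Accepted publickey for deploy from 192.0.2.10 port 50514 ssh2",
    "Mar  3 04:13:05 web1 sshd[2301]: Accepted publickey for deploy from 192.0.2.999 port 50514 ssh2",
    "Mar  3 04:15:22 web1 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory",
]

if __name__ == "__main__":
    print(review(LOG, compile_ignores(IGNORE)))
```

The line carrying `192.0.2.999` is reported rather than ignored because the `IP` macro only accepts octets in the range 0-255, which a loose `\d+\.\d+\.\d+\.\d+` pattern would have let through.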
