On Fri, Mar 7, 2008 at 7:32 PM, Nikhil <[EMAIL PROTECTED]> wrote:
>
> On Fri, Mar 7, 2008 at 7:07 PM, Agnello George <[EMAIL PROTECTED]> wrote:
>
> > On 3/7/08, Nadeem M. Khan <[EMAIL PROTECTED]> wrote:
> > >
> > > On Fri, Mar 7, 2008 at 5:25 PM, Agnello George <[EMAIL PROTECTED]> wrote:
> > >
> > > > if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ; then
> > >
> > > You might get lots of false alarms because of that. Don't grep for "error"
> > > in general. Grep for a more specific expression that is unique to the
> > > error you are looking for.
> > >
> > > [ grep "unique expression" /tmp/agnello .....
> > >
> >
> > Thanks for the tip!!
> >
>
> Actually, if I can start from the first mail, then there is something
> called 'event correlation', which I believe you are actually looking out
> for. There are open-source tools like logsurfer and SEC (Simple-Event
> Correlator) (of course there are other Enterprise versions like splunk
> etc.), which are basically implemented in Perl.
>
> I like logsurfer for its simplicity but SEC has a few advantages over SEC in
> a few contexts. Try it if you are looking for more than extending your scripts.
> (My policy: Never reinvent the wheel)
>
> Regards,
> Nikhil
>

Let me know if you need any startup help with SEC or logsurfer...

--
Nikhil
Google is Great !

--
http://mm.glug-bom.org/mailman/listinfo/linuxers
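
Added example (not part of the original thread): the false-alarm point made above, shown by running the generic "error" match and a specific expression over the same log tail. The log lines, the function names and the 'backup: ERROR NN:' pattern are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log; only the "ERROR 28" line is a real failure.
sample_log() {
cat <<'EOF'
2008-03-07 17:01:02 backup: job started
2008-03-07 17:01:09 backup: error_count=0 after verify
2008-03-07 17:02:11 httpd: "GET /error.html HTTP/1.0" 200 512
2008-03-07 17:03:30 backup: ERROR 28: no space left on /backup
2008-03-07 17:03:31 backup: job finished
EOF
}

# count_matches PATTERN FILE [LINES]
# Print how many of the last LINES lines (default 10) of FILE match the
# extended regex PATTERN.
count_matches() {
    # grep -c prints the count itself, so "| wc -l" is not needed. It exits 1
    # when the count is 0, hence "|| true" so callers using "set -e" survive.
    tail -n "${3:-10}" "$2" | grep -c -E -e "$1" || true
}

# Run both checks against the constructed log and report the counts.
demo() {
    log=$(mktemp) || return 1
    sample_log > "$log"
    generic=$(count_matches 'error' "$log")
    specific=$(count_matches 'backup: ERROR [0-9]+:' "$log")
    rm -f "$log"
    # The generic match fires on two harmless lines and, being
    # case-sensitive, misses the real failure; the specific one hits it once.
    echo "generic=$generic specific=$specific"
}

demo   # prints: generic=2 specific=1
```
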

