What do you guys use to make sure that evil log messages get noticed quickly? I've been trying to set up swatch. There is an rpm to install the binary, but it does not provide a default config file or set up swatch as a service in chkconfig. So I am doing it myself, no problem. But I keep googling for various things, and if I include 'fedora' in the search terms I don't get much, as if no one used it. Swatch has been around a long time, so if anyone used it I think there would be a lot more information available and stuff ready to go. The basic capability I am looking for is a daemon that tails one (or more) log files, greps out stuff that is boring, and immediately sends me an email about the interesting stuff. Especially stuff that I've never seen before and therefore don't have a nice regular expression for other than /./. Swatch seems aimed right at this sort of problem. Logwatch is similar, but by default is set up to run once a day, and includes a lot of stuff by default that I consider dull, and even the stuff that I consider interesting is formatted in a way that makes me have to think too much before knowing "everything's cool" or "oh fudge!" Is there an easy way to make it more event driven and grep out all the boilerplate? Do you leave logwatch's setup alone, turn it off, or tweak it? I know nothing about syslog-ng, other than it handles centralized logging over TCP, maybe it can so something like this, grep out the noise and email the signal? Any other options? My feeling is that I should only have to look at logs when I am looking for error messages related to some problem I am having, that the sort of bad news that shows up in a log file unexpectedly should come chasing after me (via email) instead of waiting for me to come take a look at the logs, something I am always tempted to put off for 'later'. Thanks, Dave
