LinuxQuestions.org


jdruin 11-20-2003 07:37 PM

What is a good logfile scanner/tool to help monitor logfiles?
 
I need help looking at all the log files on my server. There are too many files to watch all the time. What is the best way to automate watching the logfiles? I heard a program called SWATCH is good but have never used it. Both opinions and facts appreciated.

jdruin 11-20-2003 07:37 PM

BTW, I am running RedHat 8 and 9. The server runs PGSQL, HTTPD, and POP3 mail.

Scruff 11-20-2003 10:44 PM

Logcheck seems to be working excellent for me. It runs through the logs looking for keywords, then emails you with any possible security concerns. It is rather verbose with the default config, but you can tailor it as you see fit with 'ignore' words, etc.

I have it emailing me (WAN) in case an intruder was to try and delete my local mail to cover his/her tracks. It's set up as a cron job.

Check it out! Just be sure to read the docs it comes with before/during installation to save yourself some headaches.
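
Added example, not part of the post above and not Logcheck's own code: a small shell sketch of the approach the post describes, reporting only log lines added since the last run that match a keyword list and are not on an ignore list. The function name `scan_log`, the file names, the patterns and the log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not Logcheck's code): keyword scan with an ignore list.
# Every path, pattern and log line below is constructed for illustration.

# scan_log LOG KEYWORDS IGNORE STATE
# Prints lines appended to LOG since the previous run that match a pattern in
# KEYWORDS and no pattern in IGNORE. STATE holds the byte offset already read.
scan_log() {
    log=$1; keywords=$2; ignore=$3; state=$4
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    # A file smaller than last time means rotation or truncation: rescan it.
    if [ "$last" -gt "$size" ]; then last=0; fi
    tail -c "+$((last + 1))" "$log" \
        | grep -i -E -f "$keywords" \
        | grep -v -i -E -f "$ignore" || true   # "no match" is not an error
    echo "$size" > "$state"
}

# Constructed sample data so the example runs offline.
work=$(mktemp -d)
cat > "$work/messages" <<'EOF'
Nov 20 19:01:02 web1 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2
Nov 20 19:01:09 web1 crond[2301]: (root) CMD (run-parts /etc/cron.hourly)
Nov 20 19:02:30 web1 ipop3d[2412]: Login failed user=nagios-probe host=localhost
EOF
printf '%s\n' 'fail' 'refused' 'denied' > "$work/keywords"
printf '%s\n' 'user=nagios-probe' > "$work/ignore"

# First run: only the sshd line is reported; the probe login is ignored.
scan_log "$work/messages" "$work/keywords" "$work/ignore" "$work/offset"

# Second run: only the line appended since the first run is reported.
echo 'Nov 20 19:05:44 web1 ipop3d[2499]: Login failed user=jdoe host=[198.51.100.7]' \
    >> "$work/messages"
scan_log "$work/messages" "$work/keywords" "$work/ignore" "$work/offset"
```

Run from cron, the output can be piped to a mailer addressed to an off-host mailbox, which is the arrangement the post describes.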

