Monitoring message and secure logs using regular expressions

		LinuxQuestions.org > Forums > Linux Forums > Linux - General
Monitoring message and secure logs using regular expressions

Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.

Exclusive for LQ members, get up to 45% off per month. Click here for more info.

Search this Thread

05-01-2007, 10:47 AM	#1
alienux Member Registered: Sep 2006 Location: Dayton, Ohio Distribution: Slackware 12, Fedora Core, PCLinuxOS Posts: 194 Rep:	Monitoring message and secure logs using regular expressions My company is transitioning from being a traditional IT company to being a MSP/NOC. The NOC software that we are using allows us to define regular expressions that logs will be monitored for. If the regular expression is not found, the status will be Ok/normal. If the regular expression is found, the status will show as warning and/or failed. I'm looking for some suggestions for regular expressions that may be found in /var/log/messages and in /var/log/secure that should flag a warning or failed state for those logs in our NOC software. The software shows failed if the expression if found at all, so I can't configure it to only show failed if, for example, there are 50 ssh login failures. It will show as failed if there is one failure, or 1000 failures, so I'm going to have to find a different way to deal with those, but any other message or secure log entries that can be used to flag warnings/failures will be very helpful.

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
regular expressions.	stomach	Linux - Software	1	02-10-2006 06:41 AM
Regular Expressions	markjuggles	Programming	2	05-05-2005 11:39 AM
Regular Expressions	overbored	Linux - Software	3	06-24-2004 02:34 PM
help with REGULAR EXPRESSIONS	ner	Linux - General	23	10-31-2003 11:09 PM
Regular expressions	aromes	Linux - General	1	10-15-2003 12:29 PM

All times are GMT -5. The time now is 02:10 AM.

Main Menu

(Con't)

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

Twitter: @linuxquestions