LinuxQuestions.org


rebelbuttmunch 05-31-2012 08:58 AM

Monitoring log, but ignoring valid entries
 
Hi,

I deal with servers that print a lot of good and useless information. I want to be able to periodically search the daily log for something out of the ordinary.

What's the best way to feed a list of log entries into some kind of search mechanism as a list of IGNORE these, but give me everything else?

Thanks!

porphyry5 05-31-2012 01:22 PM

Quote:

Originally Posted by rebelbuttmunch (Post 4692044)
Hi,

I deal with servers that print a lot of good and useless information. I want to be able to periodically search the daily log for something out of the ordinary.

What's the best way to feed a list of log entries into some kind of search mechanism as a list of IGNORE these, but give me everything else?

Thanks!

With successive greps. Assuming log.txt is your log, something like:

grep -iv 'not this' log.txt | grep -iv 'nor that' | grep -iv 'nor this either'

Add as many as you need to exclude by the text you enter between the single quotes, or use double quotes if you want your exclusions by a regex.

See man grep for details
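
Added example, not part of any post in this thread: the chain of `grep -v` calls above can be collapsed into one `grep -v -f` call that reads the exclusions from a file, which is the "list of IGNORE these" the question asks for. The function names, file names and sample log lines are constructed for illustration; the function also guards against a blank line in the ignore file, which grep treats as a pattern that matches every line.

```shell
#!/bin/sh
# Added example (not from the thread). File names and log lines are constructed.

# unusual_lines IGNORE_FILE LOG_FILE
# Print every log line that matches none of the patterns in IGNORE_FILE.
unusual_lines() {
    patterns=$(mktemp) || return 2
    # Drop blank lines and '#' comments from the ignore list. A blank line is
    # an empty pattern: it matches every line, so with -v it would silently
    # hide the entire log.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" > "$patterns" || true
    status=0
    if [ -s "$patterns" ]; then
        # -v invert match, -i ignore case, -E extended regex, -f read patterns
        grep -v -i -E -f "$patterns" "$2" || status=$?
        # grep exits 1 when nothing is left to report; that is not an error.
        case $status in 1) status=0 ;; esac
    else
        cat "$2" || status=$?   # no patterns left: report everything
    fi
    rm -f "$patterns"
    return "$status"
}

# write_sample DIR: create a constructed ignore list and log in DIR.
write_sample() {
    cat > "$1/ignore.txt" <<'EOF'
# routine noise, one extended regex per line

session (opened|closed) for user
CRON\[[0-9]+\]
EOF
    cat > "$1/log.txt" <<'EOF'
May 31 08:00:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
May 31 08:02:10 web1 sshd[2301]: pam_unix(sshd:session): session opened for user deploy
May 31 08:02:44 web1 sshd[2310]: Failed password for invalid user admin from 192.0.2.10
May 31 08:03:02 web1 sshd[2301]: pam_unix(sshd:session): session closed for user deploy
May 31 08:05:17 web1 kernel: EXT4-fs error (device sda1): bad block bitmap checksum
EOF
}

# Demo run: prints the "Failed password" and "EXT4-fs error" lines only.
demo_dir=$(mktemp -d) && write_sample "$demo_dir" &&
    unusual_lines "$demo_dir/ignore.txt" "$demo_dir/log.txt"
rm -rf "$demo_dir"
```
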

unSpawn 05-31-2012 02:31 PM

Quote:

Originally Posted by rebelbuttmunch (Post 4692044)
I want to be able to periodically search the daily log for something out of the ordinary.

Logwatch, Logcheck and Swatch are pretty good for that. Note 'out of the ordinary' can also be defined as "recurring too often" or "occurring sporadically". To find such lines there's 'petit' (see its "--hash" and "--wordcount" switches).

rebelbuttmunch 06-08-2012 07:57 AM

My problem is solved. Swatch was the way to go. Thanks.


All times are GMT -5.