Good Log analysing Tool
 

Hi people,

Does anyone know of a good tool for breaking down the likes of, /var/log/messages. My firewall is filling up this file to the point of AAAaaaaHHHHhhhhhhhhhhh..... I know that i could probably set the firewall up to write to a different file (am lazy) I am not sure if that is a good idea anyway?. Know of any tools ????

Lub0

I do not know if there is any. Maybe you could google search the web.

Or you can create your own tool anytime using e.g. bash, grep, awk, sed. If you have any specific ideas what you expect from the tool, I am ready to help to write it (though I am not a script guru at all).

From the sticky thread in this forum:
Loganalysis.org (check the library): http://www.loganalysis.org/
Counterpane, Log Analysis Resources: http://www.counterpane.com/log-analysis.html

I prefer log separation, makes for easier separation of info when logparsing/logrotation for different events/services isn't/shouldn't be synced.

My favorite workhorse is logcheck. It sifts through the logs (can do it automatically as a cron and send you a summary). The nice thing is it flags everything as bad unless you tell it specifically to ignore it in the future. So you'll see everything that's new, but after a few days of running and twaking it, it condenses MB's of logs down to the 10 lines that you need to see. I get through about 80 machines worth of syslogs this way with ease.

It''s not an analysis tool in the sense that it tells you what happened, but what it does is invaluable.

Hope it helps,

mlp

Firstly, Thanks J_Szucs I may take you up on that offer to write my own program. Thxs I will get back too you.....

Logcheck sounds pretty interesting, I will search it out and give it a go.

And finally thx unSpawn I will check out those sites..


Lubo