Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 May 2001 20:15:45 -0400
From:      Michael Lucas <mwlucas@blackhelicopters.org>
To:        "Andrew C. Hornback" <hornback@wireco.net>
Cc:        FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: syslog.conf && executing programs
Message-ID:  <20010511201545.A29221@blackhelicopters.org>
In-Reply-To: <013c01c0da6e$6d9c6e40$0e00000a@tomcat>; from hornback@wireco.net on Fri, May 11, 2001 at 07:02:18PM -0400
References:  <20010511131433.A28242@blackhelicopters.org> <013c01c0da6e$6d9c6e40$0e00000a@tomcat>

next in thread | previous in thread | raw e-mail | index | archive | help
Yep, that would be nice.

Unfortunately, we have a specific request for "realtime monitoring of
the service" -- it's an IDS.  The client is willing to pay for someone
to read it, so who am I to argue?  (Now, if they'd pay for someone who
*understood* it to read it, I'd be more impressed. :)

I think I got swatch to work more correctly, so I'm not too worried.
(It has built-in functionality to restart itself at X time, so
hopefully it'll close & reopen the filehandle, but I'll have to check
tomorrow to be sure).  Still, it would be nice to understand what I'm
doing wrong.

I think the guy who pointed out the wrapper script issue (and whose
name completely escapes me, it's out of sight of my Mutt window) is
correct.  Ah, well, I've always wanted to learn more shell scripting,
I'm sure it'll be obvious once I figure it out.  :)


On Fri, May 11, 2001 at 07:02:18PM -0400, Andrew C. Hornback wrote:
> 	Depending on your settings for Syslog, that's gonna be thousands of e-mails
> an hour.  A small installation that I worked on last year involving a Cisco
> 2600 series, a USR modem rack and a few servers spit out 7000 messages in an
> hour.  'course, I had everything set to absolute 100% verbosity so I could
> see how it was operating, since the previous "System Admin" (and I use the
> term loosely) evidently got his MCSE in a box of Cracker Jacks.
> 
> 	You might be better off if you could set it to send you the contents of the
> syslog buffer every 10 minutes if you can give it that much time between a
> possible critical problem and being alerted to it.  That would make your
> mail server feel a LOT better... *grins*
> 
> --- Andy
> 
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Michael Lucas
> > Sent: Friday, May 11, 2001 1:15 PM
> > To: Jonathan Fortin
> > Cc: questions@freebsd.org
> > Subject: Re: syslog.conf && executing programs
> >
> >
> > I'm not trying to rotate, I want every message immediately emailed to
> > me.  But thanks.
> >
> > On Fri, May 11, 2001 at 11:31:10AM -0400, Jonathan Fortin wrote:
> > > Hum
> > > syslogd doesnt have logfile rotation functionality.
> > >
> > > it's called newsyslog that has it and you can use it in any
> > instance to trim
> > > files.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Michael Lucas" <mwlucas@blackhelicopters.org>
> > > To: <questions@freebsd.org>
> > > Sent: Friday, May 11, 2001 11:02 AM
> > > Subject: syslog.conf && executing programs
> > >
> > >
> > > > Hello,
> > > >
> > > > I'd like to use syslogd to mail me upon certain events.
> > > >
> > > > local3.*                           | /usr/bin/mail -s alert mwlucas
> > > >
> > > > (I was using swatch, but it gives me trouble with logfile rotation.
> > > > Since syslogd has the functionality, why not use it?)
> > > >
> > > >
> > > > The first time something is appended to the log, I get a mail.
> > > >
> > > > The second time, I get a hang:
> > > >
> > > > loghost/etc;ps -ax | grep mail
> > > > 25711  ??  Is     0:00.00 sh -c  /usr/bin/mail -s alert mwlucas
> > > > 25712  ??  I      0:00.00 /usr/bin/mail -s alert mwlucas
> > > > loghost/etc;
> > > >
> > > >
> > > > Any suggestions?
> > > >
> > > >
> > > > --
> > > > Michael Lucas
> > > > mwlucas@blackhelicopters.org
> > > > http://www.blackhelicopters.org/~mwlucas/
> > > > Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> >
> > --
> > Michael Lucas
> > mwlucas@blackhelicopters.org
> > http://www.blackhelicopters.org/~mwlucas/
> > Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >

-- 
Michael Lucas
mwlucas@blackhelicopters.org
http://www.blackhelicopters.org/~mwlucas/
Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010511201545.A29221>