From owner-freebsd-questions Fri May 11 17:16:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18])
    by hub.freebsd.org (Postfix) with ESMTP id 4632237B43E
    for ; Fri, 11 May 2001 17:16:13 -0700 (PDT)
    (envelope-from mwlucas@blackhelicopters.org)
Received: (from mwlucas@localhost)
    by blackhelicopters.org (8.9.3/8.9.3) id UAA29245;
    Fri, 11 May 2001 20:15:45 -0400 (EDT)
    (envelope-from mwlucas)
Date: Fri, 11 May 2001 20:15:45 -0400
From: Michael Lucas
To: "Andrew C. Hornback"
Cc: FreeBSD Questions
Subject: Re: syslog.conf && executing programs
Message-ID: <20010511201545.A29221@blackhelicopters.org>
References: <20010511131433.A28242@blackhelicopters.org> <013c01c0da6e$6d9c6e40$0e00000a@tomcat>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <013c01c0da6e$6d9c6e40$0e00000a@tomcat>; from hornback@wireco.net on Fri, May 11, 2001 at 07:02:18PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Yep, that would be nice. Unfortunately, we have a specific request for
"realtime monitoring of the service" -- it's an IDS. The client is
willing to pay for someone to read it, so who am I to argue? (Now, if
they'd pay for someone who *understood* it to read it, I'd be more
impressed. :)

I think I got swatch to work more correctly, so I'm not too worried.
(It has built-in functionality to restart itself at X time, so
hopefully it'll close & reopen the filehandle, but I'll have to check
tomorrow to be sure).

Still, it would be nice to understand what I'm doing wrong. I think
the guy who pointed out the wrapper script issue (and whose name
completely escapes me, it's out of sight of my Mutt window) is
correct. Ah, well, I've always wanted to learn more shell scripting,
I'm sure it'll be obvious once I figure it out. :)

On Fri, May 11, 2001 at 07:02:18PM -0400, Andrew C.
Hornback wrote:
> Depending on your settings for Syslog, that's gonna be thousands of e-mails
> an hour. A small installation that I worked on last year involving a Cisco
> 2600 series, a USR modem rack and a few servers spit out 7000 messages in an
> hour. 'course, I had everything set to absolute 100% verbosity so I could
> see how it was operating, since the previous "System Admin" (and I use the
> term loosely) evidently got his MCSE in a box of Cracker Jacks.
>
> You might be better off if you could set it to send you the contents of the
> syslog buffer every 10 minutes if you can give it that much time between a
> possible critical problem and being alerted to it. That would make your
> mail server feel a LOT better... *grins*
>
> --- Andy
>
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Michael Lucas
> > Sent: Friday, May 11, 2001 1:15 PM
> > To: Jonathan Fortin
> > Cc: questions@freebsd.org
> > Subject: Re: syslog.conf && executing programs
> >
> >
> > I'm not trying to rotate, I want every message immediately emailed to
> > me. But thanks.
> >
> > On Fri, May 11, 2001 at 11:31:10AM -0400, Jonathan Fortin wrote:
> > > Hum
> > > syslogd doesn't have logfile rotation functionality.
> > >
> > > it's called newsyslog that has it and you can use it in any instance to trim
> > > files.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Michael Lucas"
> > > To:
> > > Sent: Friday, May 11, 2001 11:02 AM
> > > Subject: syslog.conf && executing programs
> > >
> > >
> > > > Hello,
> > > >
> > > > I'd like to use syslogd to mail me upon certain events.
> > > >
> > > > local3.* | /usr/bin/mail -s alert mwlucas
> > > >
> > > > (I was using swatch, but it gives me trouble with logfile rotation.
> > > > Since syslogd has the functionality, why not use it?)
> > > >
> > > >
> > > > The first time something is appended to the log, I get a mail.
> > > >
> > > > The second time, I get a hang:
> > > >
> > > > loghost/etc;ps -ax | grep mail
> > > > 25711 ?? Is 0:00.00 sh -c /usr/bin/mail -s alert mwlucas
> > > > 25712 ?? I 0:00.00 /usr/bin/mail -s alert mwlucas
> > > > loghost/etc;
> > > >
> > > >
> > > > Any suggestions?
> > > >
> > > >
> > > > --
> > > > Michael Lucas
> > > > mwlucas@blackhelicopters.org
> > > > http://www.blackhelicopters.org/~mwlucas/
> > > > Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> >
> >
> > --
> > Michael Lucas
> > mwlucas@blackhelicopters.org
> > http://www.blackhelicopters.org/~mwlucas/
> > Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >

--
Michael Lucas
mwlucas@blackhelicopters.org
http://www.blackhelicopters.org/~mwlucas/
Big Scary Daemons: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
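
The wrapper-script approach mentioned in the reply, as an added example that is not part of the original thread: syslogd keeps the pipe to a `|` command open between messages, so the wrapper reads one line at a time and hands each `mail` process a finite input. The script path, the `--run` flag, and the `RCPT`, `MAILER` and `MIN_INTERVAL` variables are assumptions; `MIN_INTERVAL` goes beyond the one-mail-per-message request to cover the batching suggested in the quoted reply.

```shell
#!/bin/sh
# Added example: wrapper for a syslog.conf pipe action. The script path and
# the --run flag are hypothetical:
#   local3.*    | /usr/local/sbin/syslog-mail.sh --run
# Each mail process gets a finite input, so it never waits on syslogd's pipe.

RCPT="${RCPT:-mwlucas}"              # recipient from the original post
MAILER="${MAILER:-/usr/bin/mail}"    # overridable (assumption) for testing
MIN_INTERVAL="${MIN_INTERVAL:-0}"    # seconds between mails; 0 = one mail per line

now() { date +%s; }                  # clock, kept separate so it can be stubbed

# send_alert TEXT: mail TEXT as the body. printf '%s' passes the log text as
# data only; nothing in it is expanded or executed by the shell.
send_alert() {
    printf '%s\n' "$1" | "$MAILER" -s alert "$RCPT"
}

# alert_loop: read log lines from stdin until EOF. A line arriving less than
# MIN_INTERVAL seconds after the previous mail is held and goes out with the
# next mail (or at EOF). Sets SENT to the number of mails sent.
alert_loop() {
    SENT=0 held="" last=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        held="${held}${held:+
}${line}"
        t=$(now)
        if [ $((t - last)) -ge "$MIN_INTERVAL" ]; then
            send_alert "$held" && SENT=$((SENT + 1))
            held="" last=$t
        fi
    done
    if [ -n "$held" ]; then
        send_alert "$held" && SENT=$((SENT + 1))
    fi
}

if [ "${1:-}" = "--run" ]; then
    alert_loop
fi
```

With a non-zero `MIN_INTERVAL`, held lines are only sent when the next line arrives or the pipe closes, so a quiet log can delay the tail of a burst.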