We need to implement a log parser and reporting mechanism. Currently the only quasi-maintained, open source, sane solution is epylog - it is, however, not currently built for el6.
So steps we need to do:
 - build for el6
 - send to epel
 - install on log02
 - setup configs (possibly multiple of them) to generate logs for classes of systems
 - figure out how we want those sent out (email or to a website)
 - weed out all the extra crap
I've set epylog up like this for a few hundred actively used linux/solaris servers in the past and it works pretty well, provided the log processor is beefy enough.
Hello,
At the meeting I said logrotate, but in fact I was talking about logwatch, which is in the base OS (rhel) and well maintained (last updated 2010-03-26).
It may just be based on my experience but logwatch doesn't scale well with logs from lots of machines - it deals best with log reports from a single machine at a time.
I agree logwatch isn't a very good option here. You get a report from every machine (or one very very long report from a central log server). It's difficult to modify and tweak and it's not very maintained upstream last I looked. ;(
Another suggestion I heard was: http://simple-evcorr.sourceforge.net/
I'm not sure how hard it would be to create rulesets for our needs. It's perl, not sure how well maintained, but already in epel.
Okay - epylog and a merged log are implemented on log02. We have a long way to go to get all the modules as we want them and to weed eat out all the crap but it's really not bad at all, right now.