
In order to learn more about what is logged by my desktop machine, I'd like to set up something better than a casual grep command to see what's going on. A typical use case would be to send an email with a warning if more than X SSH login attempts failed within Y minutes for user username.

To be clear, this is not for web server logs, which most *nix log analysis tools seem to be focusing on. Also, I would like this system to be live, not just a grep in cron, in order to be able to catch events like shutdown now before the machine goes down.

LogSurfer might be the right thing for me, but I'd like to know of other, similar tools if there are any.

Of course, I'm only interested in FLOSS.

l0b0
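As an added example (not code from the question or any of the answers), here is the question's own rule, "more than X failed SSH logins for one user within Y minutes", implemented as a sliding window over OpenSSH auth.log lines; the sample lines, the year, and the `alice`/`bob`/`admin` names are constructed assumptions. Fed from `tail -F /var/log/auth.log`, it runs live rather than from cron.

```python
import re
import sys
from collections import deque
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not taken from the post).
SAMPLE_LOG = """\
Mar  3 10:00:01 desk sshd[1201]: Failed password for alice from 203.0.113.5 port 51122 ssh2
Mar  3 10:00:09 desk sshd[1203]: Failed password for alice from 203.0.113.5 port 51130 ssh2
Mar  3 10:00:30 desk sshd[1205]: Accepted password for bob from 198.51.100.7 port 40112 ssh2
Mar  3 10:01:02 desk sshd[1207]: Failed password for invalid user admin from 203.0.113.9 port 33001 ssh2
Mar  3 10:01:44 desk sshd[1209]: Failed password for alice from 203.0.113.5 port 51140 ssh2
Mar  3 10:12:10 desk sshd[1215]: Failed password for alice from 203.0.113.5 port 51150 ssh2
"""

# Matches both "Failed password for alice" and "Failed password for invalid user admin".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def parse_ts(ts, year=2024):
    # syslog timestamps carry no year, so one is assumed (year rollover is a known caveat)
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def check_lines(lines, user, threshold, window_minutes, year=2024):
    """Return a list of (time, count) alerts, one per burst in which more than
    `threshold` failed logins for `user` fall inside a `window_minutes` window."""
    window = deque()  # timestamps of recent failures for this user, oldest first
    alerts = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m or m.group("user") != user:
            continue
        t = parse_ts(m.group("ts"), year)
        window.append(t)
        # drop failures that have aged out of the window
        while (t - window[0]).total_seconds() > window_minutes * 60:
            window.popleft()
        if len(window) > threshold:
            alerts.append((t, len(window)))
            window.clear()  # reset so one burst produces one alert, not one per line
    return alerts

def format_alert(user, alert):
    t, count = alert
    return f"{count} failed SSH logins for {user} within the window ending {t:%H:%M:%S}"

if __name__ == "__main__":
    # usage: tail -F /var/log/auth.log | python3 sshwatch.py  (pipe output to mail(1) as needed)
    for a in check_lines(sys.stdin, "alice", threshold=2, window_minutes=5):
        print(format_alert("alice", a))
```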

2 Answers

2
  • logwatch is a common solution for log analysing and monitoring
  • logsentry is also a classic package, targeted mainly at security

(Don't be put off by the lack of shiny websites - many well-established, BSD-derived tools just aren't trying to promote themselves - it's enough for them to be known by experts.)

1

We use SEC at my current job. It's functionally similar to LogSurfer, in that it watches log files in real time ("tail -f" style), and it can act on any arbitrary event or combination of events. Like LogSurfer, you match the lines you're interested in using regular expressions, so you aren't limited to a particular log format.

Another one I ran across while looking for a link for SEC is LoGS. I've never seen or used it, but if you're in the evaluation stage, it might be worth a look, too.