Lee W wrote:
> Hi Everyone,
>
> I need to be able to create a summary report of all relevant syslog
> entries that is then emailed weekly.
>
> The idea I have for this is to pipe the syslog entries (logged from
> many hosts UNIX-Like and Windows) out to a named pipe (say
> /var/log/logpipe) that is then read periodically by a perl script
> started from cron.
>
> The perl script then filters the log entries (probably using regular
> expressions) and takes the appropriate action based on the severity of
> the error (i.e. log to summary file, or immediately email admin).
>
> My main concern is that if a lot of entries get logged the FIFO buffer
> may overload therefore losing entries.
>
> Does anyone know what the size of the FIFO buffer is (or how it can be
> configured) or maybe there is a better way to do something like what
> I'm trying.

This doesn't exactly answer your question, but have you checked out the
logcheck package that's part of the Abacus Project tool set? It does
not come with CentOS, but logcheck had some nice regex matching
capabilities at one time. Essentially it would mail anomalous syslog
entries to the admin every hour/day/week/etc. as a cron job. It also
requires the logtail package.

More info can be found at http://logcheck.org/

There is also Logwatch Consolidator, which supposedly combines multiple
logwatch emails into a single one which can be mailed.

http://freshmeat.net/projects/lc/

I know about these from my Debian days. There did not appear to be a
logwatch package for woody, and it was the next thing.

The reports were a little bit too verbose for me. I prefer the
organization that logwatch provides on a daily basis, but I figured
maybe you can use their code as a starting place to do some hacking,
rather than rewriting everything yourself.

Good luck,
Shawn M. Jones
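
An added example, not part of either message and not logcheck's or logtail's own code: a cron-friendly reader that takes only what was appended to a regular syslog file since the last run (by remembering a byte offset, so no FIFO is involved) and sorts each line by regex into "mail now", "weekly summary" or "ignore". The rule patterns, file names and sample lines are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hypothetical rules (assumptions, not logcheck's own); first match wins.
RULES = [
    ("alert", re.compile(r"Failed password|authentication failure|I/O error", re.I)),
    ("ignore", re.compile(r"CROND?\[\d+\]|session (opened|closed)")),
]

# Constructed sample syslog lines.
SAMPLE = [
    "Mar  3 02:10:01 web1 CROND[4211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 02:14:37 web1 sshd[4302]: Failed password for root from 192.0.2.10 port 4711 ssh2",
    "Mar  3 02:15:02 db1 kernel: end_request: I/O error, dev sda, sector 1234",
    "Mar  3 02:16:40 win1 EvntSLog: Service Control Manager: print spooler stopped",
]

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last run and save the new offset."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as f:
            offset = int(f.read().strip() or 0)
    if offset > os.path.getsize(log_path):
        offset = 0  # log is shorter than the saved offset: rotated or truncated
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1  # a partial last line is left for the next run
    with open(state_path, "w") as f:
        f.write(str(offset + end))
    return data[:end].decode("utf-8", "replace").splitlines()

def triage(log_path, state_path):
    """Sort new lines into alert (mail now), summary (weekly report), ignore."""
    buckets = {"alert": [], "summary": [], "ignore": []}
    for line in read_new_lines(log_path, state_path):
        action = next((a for a, p in RULES if p.search(line)), "summary")
        buckets[action].append(line)
    return buckets

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "messages"), os.path.join(d, "offset")
    with open(log, "w") as f:
        f.write("\n".join(SAMPLE) + "\n")
    for name, lines in triage(log, state).items():
        print(name, len(lines))
```

Because the log stays an ordinary file written by syslogd, a burst of entries between cron runs is simply read on the next run rather than depending on a reader draining a pipe.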