There are tools out there that will process the syslog log files (and do other things besides). But if you just need to look for specific things in the log files, then installing something as heavy as Snort is a bit drastic. So what other options are there?

Syslog can log to files (which is the normal case), or to FIFOs (named pipes). The syntax for a pipe target is:

facility.priority |<path>/<pipe-file>

To create the pipe use mkfifo:

# mkfifo <path>

An example of how to set this up in syslog.conf:

authpriv.* |/tmp/syslog-secure.pipe
authpriv.* /var/log/secure

The above example sends every authpriv.* message to both a file and a pipe. Two things to keep in mind: a FIFO has no storage of its own, so the reader should be attached before syslogd is started or reloaded (a writer cannot open a FIFO that has no reader, and once the pipe buffer fills, further messages are dropped rather than queued); and authpriv messages are sensitive, so the pipe should be created with restrictive permissions, preferably somewhere other than the world-writable /tmp, where another local user could pre-create a file at that path. The next thing needed is a program (preferably a daemon) that continuously reads the pipe and does something useful with what it sees.

For that I use Perl… To be continued
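The author's Perl reader is not on the page. As a stand-in, here is an added example (not the author's code) of a pipe reader written in Python 3: it creates the FIFO with owner-only permissions if it is missing, blocks on the pipe until syslogd connects, parses each line in the classic "Mon DD HH:MM:SS host prog[pid]: message" layout, and raises an alert when one source address accumulates three failed SSH password attempts. The pipe path is taken from the syslog.conf example above; the "Failed password" pattern, the threshold of 3, and the sample log lines are assumptions of this example and are constructed, not captured from a real host.

```python
#!/usr/bin/env python3
"""Read a syslog FIFO line by line and flag repeated failed logins.

Added example for the authpriv.* pipe configured above. The alert pattern,
threshold and sample lines are assumptions of this example.
"""
import collections
import os
import re
import stat
import sys

PIPE_PATH = "/tmp/syslog-secure.pipe"   # path from the syslog.conf example
THRESHOLD = 3                            # assumed: alert on the 3rd failure per IP

# Classic syslog file/pipe layout: "Mon DD HH:MM:SS host prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# OpenSSH password failure as logged to authpriv (assumed pattern)
FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9A-Fa-f.:]+)"
)

# Constructed sample input (not real log data) so the reader can be exercised offline
SAMPLE_LINES = [
    "Jan  5 10:23:45 bastion sshd[1234]: Failed password for root from 203.0.113.7 port 22 ssh2",
    "Jan  5 10:23:46 bastion sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 22 ssh2",
    "Jan  5 10:23:47 bastion sshd[1235]: Accepted publickey for alice from 198.51.100.4 port 22 ssh2",
    "Jan  5 10:23:48 bastion sshd[1236]: Failed password for root from 203.0.113.7 port 22 ssh2",
]


def parse_line(line):
    """Split one syslog line into its fields; return None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


class FailureTracker:
    """Count failed logins per source IP and alert once the threshold is reached."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.failures = collections.Counter()
        self.alerts = []

    def feed(self, line):
        """Process one raw line; return an alert string exactly when the threshold is hit."""
        rec = parse_line(line)
        if rec is None:
            return None
        m = FAIL_RE.search(rec["msg"])
        if m is None:
            return None
        ip = m.group("ip")
        self.failures[ip] += 1
        if self.failures[ip] == self.threshold:
            alert = "%s: %d failed logins from %s (last user %r)" % (
                rec["host"], self.failures[ip], ip, m.group("user"))
            self.alerts.append(alert)
            return alert
        return None


def run_sample():
    """Feed the constructed sample lines through a tracker; return the alerts raised."""
    tracker = FailureTracker()
    for line in SAMPLE_LINES:
        tracker.feed(line)
    return tracker.alerts


def ensure_fifo(path):
    """Create the FIFO owner-only; refuse to use a path that is not a FIFO."""
    if not os.path.exists(path):
        os.mkfifo(path, 0o600)
    elif not stat.S_ISFIFO(os.stat(path).st_mode):
        raise RuntimeError("%s exists but is not a FIFO" % path)


def read_pipe_forever(path, tracker, out=sys.stdout):
    """Keep reading the FIFO; reopen it when syslogd closes its end (e.g. on restart)."""
    while True:
        # open() blocks until syslogd opens the pipe for writing; log data is not
        # guaranteed to be valid UTF-8, so replace undecodable bytes instead of dying
        with open(path, "r", errors="replace") as fifo:
            for line in fifo:
                alert = tracker.feed(line)
                if alert:
                    print("ALERT " + alert, file=out, flush=True)
        # EOF means the writer went away; loop and wait for it to reconnect


if __name__ == "__main__":
    ensure_fifo(PIPE_PATH)
    read_pipe_forever(PIPE_PATH, FailureTracker())
```

Run it before restarting syslogd so the FIFO has a reader when syslogd tries to open it. The outer loop in read_pipe_forever matters in practice: when syslogd is restarted, the reader sees EOF, and without reopening the pipe it would exit and the pipe would silently start dropping messages.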
