Howto process syslog log files

There are tools that will process syslog log files (and do other things besides). But if you just need to look for specific things in the log files, installing Snort might be a bit drastic. So what other options are there?

Syslog can log to files (which is quite normal) or to FIFO pipes. The syntax for pipes is:

facility.priority |<path>/<pipe-file>

To create the pipe use mkfifo:

# mkfifo <path>

An example of how to set this up in syslog.conf:

authpriv.* |/tmp/syslog-secure.pipe
authpriv.* /var/log/secure


The above example makes sure that authpriv.* is sent to both a file and a pipe. The next thing needed is a program (preferably a daemon) that continuously reads the pipe and does interesting stuff.



For that I use Perl... To be continued
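
One way to write such a pipe reader, shown in Python as an added example (it is not the author's Perl program, which this post does not include). The alert threshold, the OpenSSH message format, the root-ownership check and the names `scan` and `follow` are assumptions; the sample lines are constructed.

```python
import os
import re
import stat
from collections import Counter

PIPE = "/tmp/syslog-secure.pipe"  # pipe path from the syslog.conf example above
THRESHOLD = 3                     # assumed alert threshold

# Assumed OpenSSH failure format; other daemons word their failures differently.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = (
    "Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Jan 10 03:12:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2",
    "Jan 10 03:12:04 host sshd[902]: Accepted publickey for alice from 198.51.100.4 port 5110 ssh2",
    "Jan 10 03:12:06 host sshd[811]: Failed password for root from 203.0.113.7 port 4023 ssh2",
)

def scan(lines, threshold=THRESHOLD):
    """Yield (source, count, user) whenever a source hits a multiple of threshold."""
    failures = Counter()
    for line in lines:
        match = FAILED.search(line)
        if match:
            user, source = match.groups()
            failures[source] += 1
            if failures[source] % threshold == 0:
                yield source, failures[source], user

def follow(path, owner_uid=0):
    """Yield lines from the FIFO forever, reopening it when the writer closes."""
    while True:
        with open(path, "r", errors="replace") as pipe:  # blocks until a writer has it open
            # Check the opened object, not the name: /tmp is world-writable.
            info = os.fstat(pipe.fileno())
            if not stat.S_ISFIFO(info.st_mode) or info.st_uid != owner_uid:
                raise RuntimeError(f"{path} is not a FIFO owned by uid {owner_uid}")
            yield from pipe  # EOF here means the writer closed its end; loop and reopen

if __name__ == "__main__":
    for source, count, user in scan(follow(PIPE)):
        print(f"ALERT: {count} failed SSH logins from {source} (last user: {user})", flush=True)
```

Creating the pipe in a root-only directory instead of /tmp makes the ownership check a second line of defence rather than the only one.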
