2

I am preparing a log watchdog, but my concern is that tailing always would blow up at some point. Thus, my concern is to monitor the log file always and, if a pattern match occurs, issue some commands on an Ubuntu machine.

Tailing always seems not to be the appropriate solution. Can you recommend some other way to do it?

mfinni
Olgun Kaya

3 Answers

2

The best tool I can think of for this task is syslog-ng (there are both commercial and open-source editions available).

There are a couple of ways to handle this within syslog-ng, but the one I would suggest is to filter for the message characteristics you want, and then send the message to a destination that calls a program() to do what you need.

The syslog-ng documentation has more details on this, as well as the other capabilities you get with syslog-ng.

voretaq7
  • Well, I've come across **swatch** and it seems to be OK for my situation. But I need to prevent swatch from being killed. So what is your suggestion to do on Ubuntu? – Olgun Kaya Aug 15 '12 at 08:12
  • 1
    My suggestion for a solution is the same on all (*NIX) systems. `swatch` is also a good choice - the reason I prefer syslog-ng is that it makes a great centralized logging server in addition to its filtering/action capabilities. If you're asking "How do I keep a service from getting killed?" that's a good (separate) question with lots of possible answers :-) – voretaq7 Aug 15 '12 at 15:38
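A handler that a syslog-ng program() destination could feed, as an added example (not code from the answer or from the syslog-ng project): program() starts the script once and writes each matching message to its standard input, one per line, so nothing has to tail the file. The sshd-style pattern, the `/usr/local/sbin/block-ip` command and the cooldown value are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Read matched log lines on stdin and run one fixed command per match."""
import ipaddress
import re
import subprocess
import sys
import time

# Assumed pattern. The greedy .* binds to the LAST "from <addr> port <n>",
# so text smuggled into the user name cannot choose the captured address.
PATTERN = re.compile(r"Failed password for .* from (\S+) port \d+")
ACTION = ["/usr/local/sbin/block-ip"]  # hypothetical command, run without a shell
COOLDOWN = 300                         # seconds before the same address fires again

_last_fired = {}

def build_command(line, now=None):
    """Return the argv to run for this line, or None if it must be ignored."""
    m = PATTERN.search(line)
    if not m:
        return None
    try:
        # Log content is attacker-influenced: accept only a real IP address.
        addr = str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None
    now = time.monotonic() if now is None else now
    if addr in _last_fired and now - _last_fired[addr] < COOLDOWN:
        return None                    # rate-limit repeated matches
    _last_fired[addr] = now
    return ACTION + [addr]

def main(stream=sys.stdin):
    # The stream stays open while the logger runs; EOF means it has stopped.
    for line in stream:
        argv = build_command(line)
        if not argv:
            continue
        try:
            # List argv, no shell=True: nothing from the log reaches a shell.
            subprocess.run(argv, check=False, timeout=30)
        except (OSError, subprocess.TimeoutExpired) as exc:
            print(f"action failed: {exc}", file=sys.stderr)

if __name__ == "__main__":
    main()
```

The same script works behind any tool that pipes matched lines to a command, since it only depends on stdin.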
2

You should check out Logstash. It is a pipeline for your logfiles where you define one input, one (optional) filter, and one output.

The filter can be something that matches only when your pattern occurs, and then an output channel to trigger a command.

About logstash

logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs.

pkhamre
1

You should also consider Fail2Ban. While the program is focused on monitoring scripts for the purposes of banning would-be hackers and the like, it can easily be made to monitor any text log and take almost any action based on what it finds.

Chris S