Linux Log Monitoring Watcher - About Watching UNIX Log Files
Linux Log Monitoring and Watching - How can you monitor your Linux log files without spending hours writing a script for it, or searching the internet endlessly for a Linux log monitoring solution?
Linux log file monitoring and/or log watching is a task that is in a dimension all by itself. It is unique. The reason I say this is that log files in Linux often vary in format, which makes it difficult for many Linux users to perform the task of monitoring their various logs.
Log files in Linux are either of a custom nature (application related) or system related, and it is usually impossible to find one good monitor that can be set up to watch them all. This is because not all log files are formatted in the same way, especially in a production environment.
But what exactly do I mean by "format"?
By format, I am referring solely to the format of the dates that usually appear at the beginning of every line in a Linux/UNIX log file.
For example, a typical /var/log/messages system log on a Linux server will look something like this:
Linux System Log-File:
[nagios.kedy0:501] tail -6 /var/log/messages
Sep 18 08:23:51 nagios snmpd[4539]: Received SNMP packet(s) from UDP: [10.10.*.*]:47725
Sep 18 08:23:54 nagios snmpd[4539]: Connection from UDP: [10.10.*.*]:47725
Sep 18 08:24:11 nagios sshd[13078]: Authorized to root, krb5 principal dadmin/root@NETNET
Sep 18 08:24:11 nagios sshd[13078]: permit_root_login: PERMIT_GSSAPI_ONLY method: gssapi-with-mic
Sep 18 08:24:11 nagios sshd[13078]: GSSAPIII authenticated jbowman login accepted
Sep 18 08:24:11 nagios sshd[13078]: Accepted gssapi-with-mic for root from 10.10.*.* port 5345 ssh2
[nagios.kedy0:502]
Notice the first three columns of each line in the Linux system log above. They represent the date and time.
Another log file, usually a custom application log file (not a system log like the one above), can look like this:
Application Log-File:
[nagios.kedy0:516] tail -3 /prod/app.log
2011/01/20 14:26:35 UTC [SMTPProper,48088609,69.*.*.*] Receiving message for delivery: from=17777551333@vim.blah.com to=['17777551333@vim.blah.com']
2011/01/20 14:26:35 UTC [-] Attempting 'attach' (promo is False) delivery for 17777551333
2011/01/20 14:26:35 UTC [-] Starting factory
[nagios.kedy0:517]
Explanation of both Log-Files:
Again, concentrate on the columns; in the case of the application log, it is the first 2 columns that matter.
In the first output, from the /var/log/messages log, the fields of the date are separated by spaces and are a mixture of words and numbers.
In the second output, from a custom application log, the day, month and year are separated by forward slashes and they are all numeric. Notice the order they are in. The year comes first, then the month, then the day. Other log files might have the order reversed, with the day coming first, followed by the month, then followed by the year. Other logs might have the fields separated by hyphens instead of slashes. The scenarios here are endless.
Do you now see how trying to monitor a Linux log, without the correct log tool, can be a hellish task?
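As an added illustration (not code from the original post), here is a small Python parser that recognises the two date layouts shown above, plus the hyphen-separated and day-first variants the text mentions, and a watcher helper that returns both the entries newer than a cutoff and the lines it could not parse. The sample lines, the assumed year for syslog entries (syslog lines carry none) and the day-first reading of the two-digit-first layout are constructed assumptions for the example.

```python
import re
from datetime import datetime
from typing import Optional

# Constructed sample lines, modelled on the two excerpts in the post
# (addresses and names replaced with made-up values).
SAMPLE_LINES = [
    "Sep 18 08:23:51 nagios snmpd[4539]: Received SNMP packet(s) from UDP: [10.10.0.5]:47725",
    "Sep 18 08:24:11 nagios sshd[13078]: Accepted gssapi-with-mic for root from 10.10.0.5 port 5345 ssh2",
    "2011/01/20 14:26:35 UTC [-] Starting factory",
    "20-01-2011 14:26:36 UTC [-] Attempting 'attach' delivery for 17777551333",
    "this line carries no timestamp at all",
]

# Recognised leading-timestamp layouts: (name, anchored regex, strptime format).
# Slashes and hyphens are normalised to '-' before strptime, so one pattern
# covers "2011/01/20" and "2011-01-20".  The two-digit-first layout is taken
# as day/month/year (assumption: a site with month-first logs would swap it).
TIMESTAMP_FORMATS = [
    ("syslog", re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2})\s"), "%b %d %H:%M:%S"),
    ("ymd",    re.compile(r"^(?P<ts>\d{4}[/-]\d{2}[/-]\d{2} \d{2}:\d{2}:\d{2})\s"), "%Y-%m-%d %H:%M:%S"),
    ("dmy",    re.compile(r"^(?P<ts>\d{2}[/-]\d{2}[/-]\d{4} \d{2}:\d{2}:\d{2})\s"), "%d-%m-%Y %H:%M:%S"),
]


def detect_format(line: str) -> Optional[str]:
    """Name of the timestamp layout at the start of `line`, or None."""
    for name, pattern, _ in TIMESTAMP_FORMATS:
        if pattern.match(line):
            return name
    return None


def parse_timestamp(line: str, assume_year: int = 2011) -> Optional[datetime]:
    """Return the leading timestamp as a naive datetime, or None if the line
    has no recognised timestamp or the date is impossible (e.g. month 13).

    Syslog lines carry no year, so `assume_year` is substituted.  All layouts
    are assumed to use the same clock, so no timezone conversion is done.
    """
    for name, pattern, fmt in TIMESTAMP_FORMATS:
        m = pattern.match(line)
        if not m:
            continue
        ts = re.sub(r" +", " ", m.group("ts")).replace("/", "-")
        if name == "syslog":
            ts, fmt = f"{assume_year} {ts}", "%Y " + fmt
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            return None  # layout matched but the date itself is invalid
    return None


def entries_since(lines, cutoff: datetime, assume_year: int = 2011):
    """Split `lines` into (new, unparsed): entries stamped after `cutoff`,
    and lines whose timestamp could not be read.  A watcher should surface
    the second list instead of dropping it, otherwise a format change
    silently disables monitoring of that log."""
    new, unparsed = [], []
    for line in lines:
        stamp = parse_timestamp(line, assume_year)
        if stamp is None:
            unparsed.append(line)
        elif stamp > cutoff:
            new.append(line)
    return new, unparsed


if __name__ == "__main__":
    since = datetime(2011, 1, 20, 14, 26, 35)
    new, bad = entries_since(SAMPLE_LINES, since)
    for line in new:
        print(f"[{detect_format(line):6}] {line}")
    print(f"{len(bad)} line(s) without a recognised timestamp")
```

Run as a script, it lists the three entries stamped after the cutoff and reports one unparsed line. Adding a new site-specific layout means appending one (name, regex, format) triple; keeping the unparsed count visible is what tells you a log has changed format underneath the watcher.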