[prev in list] [next in list] [prev in thread] [next in thread] 

List:       swatch-users
Subject:    Swatch-users Digest, Vol 11, Issue 6
From:       swatch-users-request () ucsb ! edu
Date:       2003-03-23 20:00:19
[Download RAW message or body]

Send Swatch-users mailing list submissions to
	swatch-users@ucsb.edu

To subscribe or unsubscribe via the World Wide Web, visit
	http://ucsb.edu/mailman/listinfo/swatch-users
or, via email, send a message with subject or body 'help' to
	swatch-users-request@ucsb.edu

You can reach the person managing the list at
	swatch-users-owner@ucsb.edu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Swatch-users digest..."


Today's Topics:

   1. Re: reporting almost everything (Martin L Jones)


----------------------------------------------------------------------

Message: 1
Date: Sat, 22 Mar 2003 09:54:48 +0000 (GMT)
From: Martin L Jones <mlj@sabreit.demon.co.uk>
Subject: Re: [Swatch-users] reporting almost everything
To: Vijay Avarachen <stalione@avarachen.net>
Cc: swatch-users@ucsb.edu
Message-ID:
	<Pine.LNX.4.33.0303220946500.1133-100000@localhost.localdomain>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 21 Mar 2003, Vijay Avarachen wrote:

> Hi,
> 	I am using swatch with syslog-ng and so far its working great.  One of
> the Windoze admins wants me to set up the swatch so that it ignore some
> things and reports everything else.  I know how to ignore things, but I
> am not sure how to send out everythign else in one email.  I guess he
> wants things to be mailed to him in batches rather than one email for
> every little event.  Can some one help please.

If they want daily summaries then you could try the following:

1) set up the syslog rotation scripts in cron to the desired interval
(e.g. daily)

2) set a cron job 5 mins later or so to run swatch on the file that's just
been rotated out.

We do this here - one script that runs monitoring the current syslog file
catches urgent alerts and e-mails them out, then another that runs nightly
on the newly rotated set of logs which filters out known O.K. messages and
then sends the rest out in a single e-mail.

Here's a truncated version of our nightly script:

----------------------------
LOGDIR=/logs/log
SUMMARY=$LOGDIR/summary
MESSAGES=$LOGDIR/messages.0
CONFIG=/usr/local/etc/swatchrc.nightly
SWATCH=/usr/local/bin/swatch
MAILTO="swatchalert"

$SWATCH --examine $MESSAGES --config-file $CONFIG > $SUMMARY
MESSAGES=$LOGDIR/syslog.0
$SWATCH --examine $MESSAGES --config-file $CONFIG >> $SUMMARY
mailx -s "Nightly Syslog Summary" $MAILTO
----------------------------

Hope this helps,

	Martin.



------------------------------

_______________________________________________
Swatch-users mailing list
Swatch-users@ucsb.edu
http://ucsb.edu/mailman/listinfo/swatch-users


End of Swatch-users Digest, Vol 11, Issue 6
*******************************************
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic