Log Parsing

Numerous log parsing tools & script utilities

http://www.loganalysis.org/sections/parsing/generic-log-parsers/index.html

Epylog

http://linux.duke.edu/projects/epylog/

Epylog is a syslog parser which runs periodically, looks at your logs, processes some of the entries in order to present them in a more comprehensible format, and then mails you the output. It is written specifically for large network clusters where a lot of machines (around 50 and upwards) log to the same loghost using syslog or syslog-ng. It is an alternative to a similar package, called Logwatch.

ADMLogger

http://aaron.marasco.com/linux.html

"ADMLogger" is a log analyzing engine based on 'FireParse.' After I had written FireParse, I had found myself writing little scripts based on it, like one that told me what my FTP server did that day, and then more things like: were unauthorized machines trying to get IP addresses from my DHCP server? So I decided to rip out the 'engine' of FireParse to create a generic log analyzer system. Using this core, I could easily build upon it with plugins. This also made it easier on my systems since there was now only one entry for cron, and I didn't have different code everywhere - a bug fix in FireParse had me searching the rest of my systems looking to see if I still used that line.
For the average Linux user, ADMLogger will probably only be a means to an end - that end being able to run FireParse. But with very little Perl programming knowledge, it may become a powerful tool in a system administrator's toolbox.
ADMLogger creates e-mail reports that can be formatted as plain text or full HTML, which is up to the plugin designers to support. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also remove all filtered entries from the main syslog file into a second file so your other entries are more noticeable.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License