Log Monitoring Tools for Unix: Linux, Ubuntu, Red Hat and Solaris Servers
How to Easily Monitor and Alert on Unix Log Files...STRESS FREE!
Log Monitoring Tools for Linux and Solaris: Do you want to monitor a UNIX log file on a Linux or Sun Solaris system based on a time frame (i.e. search for the occurrence of "sample" in the log file within the last x minutes)? If so, this article will save you hours and days of laborious work.
If you work in a UNIX environment, a time will come when you wish you had caught a problem on one or more of your servers earlier than you did. When that time comes, you'll scroll through your system or application logs and find a number of errors in there that point to an oncoming or developing problem.
You may wonder how you can monitor these logs in the future and alert yourself in the event of a problem. You may search the web for solutions and discover, to your dismay, that nothing out there is simple and easy enough to implement in your particular UNIX environment.
Then you will want to write your own script. But alas, it is at this point that your mind will go blank, because as you start to write your own log monitoring script, you will sadly discover that it really isn't an easy thing to do. So you will begin to wonder in desperation: what do I do?
Well, I'm going to tell you what you should do: Download or Write Your Own 'Smart Log Script' and Keep it Simple!
What do I mean by that? Well, if you want to monitor a log file for errors/strings, and you're concerned with efficiency, whatever script you write or download MUST follow the outline below. Emphasis on MUST!
For example, say you want to monitor the last x minutes or hours of data in a particular log file for certain strings and alert if the strings are found; you MUST model your log monitoring script after the following tool:
Unix Log Tool: /bin/LogRobot (logfile-absolute-path) (time-in-minutes) '(string1)' '(string2)' (-found) (warn) (critical)
Example: /bin/LogRobot /var/log/messages 60 'luance' 'Err1310' -found 5 10
So in this example,
/bin/LogRobot is the tool name.
/var/log/messages is the log file.
60 is the number of previous minutes you want to search the log file for.
"luance" is one of the strings on the log lines that you are interested in.
"Err1310" is another string on the same line that you expect to find the "luance" string on. Specifying these two strings (luance and Err1310) isolates and processes the lines you want much faster, particularly if you're dealing with a huge log file.
-found specifies what type of response you'll get. By specifying -found, you are saying that if anything is found that matches the specified strings within the 60 minute time frame, it should be regarded as a problem and output.
5 specifies Warning. By specifying 5, you are telling the program to alert as WARNING if there are at least 5 occurrences of the search strings you specified in the log file within the last 60 minutes.
10 specifies Critical. By specifying 10, you are telling the program to alert as CRITICAL if there are at least 10 occurrences of the search strings you specified in the log file within the last 60 minutes.
Summarized Explanation:
As you can see, the LogRobot tool is monitoring a log file. The arguments passed to this log monitoring tool instruct it to do the following:
Within the last 60 minutes, if the tool finds fewer than 5 occurrences of the specified search strings in the log file, it WILL NOT alert. If the script finds 5 to 9 occurrences of the specified strings in the log, it will alert with a WARNING. If the script finds 10 or more occurrences of the strings in the log within the last 60 minutes, it will alert with a CRITICAL.
How easy is that? EXTREMELY!
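A script modelled on the outline above, written in Python as an added example; it is not LogRobot's own code. It assumes traditional syslog timestamps ("Mon DD HH:MM:SS", which carry no year), and the function names and sample log lines are constructed for illustration.

```python
from datetime import datetime, timedelta

def parse_syslog_ts(line, now):
    """Parse the 'Mon DD HH:MM:SS' prefix of a syslog line (assumed format).
    There is no year in the prefix, so assume the current year and step
    back one year if that would place the entry in the future."""
    try:
        ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if ts > now + timedelta(days=1):
            ts = ts.replace(year=now.year - 1)
    except ValueError:
        return None  # continuation line or a different format: skip it
    return ts

def count_matches(lines, now, minutes, s1, s2):
    """Count lines that contain BOTH strings and fall inside the window."""
    cutoff = now - timedelta(minutes=minutes)
    hits = 0
    for line in lines:
        if s1 not in line or s2 not in line:
            continue  # cheap substring test before any timestamp parsing
        ts = parse_syslog_ts(line, now)
        if ts is not None and cutoff <= ts <= now:
            hits += 1
    return hits

def severity(hits, warn, crit):
    """Map an occurrence count to the alert level described in the article."""
    if hits >= crit:
        return "CRITICAL"
    if hits >= warn:
        return "WARNING"
    return "OK"

# Constructed sample data: six matches inside the last hour, one older
# match, one line with only one of the strings, one from the previous year.
NOW = datetime(2024, 3, 3, 12, 0, 0)
SAMPLE = [f"Mar  3 11:{m:02d}:00 host1 app[211]: luance Err1310 request failed"
          for m in (5, 15, 25, 35, 45, 55)] + [
    "Mar  3 10:30:00 host1 app[211]: luance Err1310 request failed",
    "Mar  3 11:40:00 host1 app[211]: luance started normally",
    "Dec 31 23:59:00 host1 app[211]: luance Err1310 request failed",
]

if __name__ == "__main__":
    # Same arguments as the article's example: 60 minutes, warn 5, critical 10
    hits = count_matches(SAMPLE, NOW, 60, "luance", "Err1310")
    print(f"{severity(hits, 5, 10)}: {hits} matching lines in the last 60 minutes")
```

To run it against a real file, pass an open file object as `lines` and `datetime.now()` as `now`; the file is then read line by line rather than loaded whole.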