Log Monitoring Tools for Linux and Solaris:
Do you wish to monitor log files on Linux and/or Sun Solaris systems?
If so, you may wish to perform a variety of different functions on such logs. For example, among many other tasks, you may wish to monitor your logs for the occurrence or LACK of occurrence of specific "patterns" within the last x amount of time.
Additionally, you may also want to monitor the size of the log to make sure it does not fill up too much disk space. You may also need to check timestamps to ensure your log file(s) are being updated regularly. And most importantly, in some cases, there might be a need to perform some sort of analysis on the behavior of the contents of the logs.
While there are many log monitoring tools out there, this article seeks to point you in the direction that involves the least stress and complication.
To monitor, check, alert on OR graph the statistical contents of log files, you need a good log monitoring tool. There are many log checking programs on the internet, but almost all of them are complicated and are not as easy to use as the tool I'm going to tell you about in this article. The tool is named logrobot, and it works straight from the command line. There are no configuration files for you to get familiar with, and there are no installation packages for you to install in order to get it to work. This is a powerful, versatile log monitoring tool that just works right out of the box!
Say you want to monitor the last x minutes or hours of data in a particular log file for certain strings and alert if the strings are found. The tool that will do that for you is called logrobot, and here's how it works:
Unix Log Tool: /bin/LogRobot (logfile) (minutes) (string1) (string2) (-found) (warn) (critical)
Example: /bin/LogRobot /var/log/messages 60 'luance' 'Err1310' -found 5 10
So in this example,
/bin/LogRobot is the tool name.
/var/log/messages is the log file.
60 is the number of previous minutes of the log file you want to search.
"luance" is one of the strings that is on the line of logs that you're interested in.
"Err1310" is another string on the same line that you expect to find the "luance" string on. Specifying these two strings (luance and Err1310) isolates and processes the lines you want a lot quicker, particularly if you're dealing with a huge log file.
-found specifies what type of response you'll get. By specifying -found, you're saying that if anything matching the specified strings is found within the 60 minute time frame, it should be considered a problem and reported.
5 specifies Warning. By specifying 5, you're telling the program to alert as WARNING if there are at least 5 occurrences of the search strings you specified in the log file within the last 60 minutes.
10 specifies Critical. By specifying 10, you're telling the program to alert as CRITICAL if there are at least 10 occurrences of the search strings you specified in the log within the last 60 minutes.
As you can see, the LogRobot tool is monitoring a specific log. The arguments that are passed to this log monitoring tool instruct it to do the following:
Within the last 60 minutes, if the tool finds fewer than 5 occurrences of the specified keywords/patterns in the log file, it WILL NOT alert. If the script finds between 5 and 9 occurrences of the keywords/patterns in the log, it'll alert with a WARNING. If the script finds 10 or more occurrences of the strings in the log within the last 60 minutes, it'll alert with a CRITICAL.
How simplified is that? Very! No other tool comes close!
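The windowed two-string count and warn/critical thresholds described above, written out as an added example; this is not LogRobot's own code. It assumes syslog-style "Mon DD HH:MM:SS" timestamps, literal substring matching and Nagios-style state numbers, and the function names and sample log lines are constructed for illustration.

```python
from datetime import datetime, timedelta

# Nagios-style states: an assumption, the article does not say how LogRobot reports state.
OK, WARNING, CRITICAL = 0, 1, 2

def parse_syslog_ts(line, now):
    """Parse a leading 'Mon DD HH:MM:SS' stamp. Syslog omits the year, so try the
    current year first and fall back to the previous one (December log read in January)."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if ts <= now + timedelta(minutes=5):  # tolerate small clock skew
            return ts
    return None  # continuation line or unknown format

def check_log(lines, minutes, str1, str2, warn, crit, now):
    """Count lines inside the window that contain BOTH strings (literal match),
    then map the count onto the warn/critical thresholds."""
    cutoff = now - timedelta(minutes=minutes)
    hits = 0
    for line in lines:
        ts = parse_syslog_ts(line, now)
        if ts is None or ts < cutoff:
            continue  # unparseable or older than the window
        if str1 in line and str2 in line:
            hits += 1
    if hits >= crit:
        return CRITICAL, hits
    if hits >= warn:
        return WARNING, hits
    return OK, hits

def sample_lines(now):
    """Constructed sample data: 7 matches inside 60 minutes, 1 older match, 2 noise lines."""
    def stamp(m):
        return (now - timedelta(minutes=m)).strftime("%b %d %H:%M:%S")
    lines = [f"{stamp(m)} host1 app[101]: luance Err1310 write failed"
             for m in (1, 5, 9, 20, 33, 47, 59)]
    lines.append(f"{stamp(90)} host1 app[101]: luance Err1310 write failed")
    lines.append(f"{stamp(3)} host1 app[101]: luance started")  # only one of the two strings
    lines.append("    Err1310 luance continuation line with no timestamp")
    return lines

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 12, 0, 0)  # fixed clock so the run is repeatable
    print(check_log(sample_lines(now), 60, "luance", "Err1310", 5, 10, now))
```

Lines without a parseable timestamp are skipped rather than counted, so a multi-line entry is counted once, by its first line.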