
monitoring syslog

 
Animesh Chakraborty
Honored Contributor

monitoring syslog

Hi,
Can anyone suggest the best way to monitor syslog every day for several servers?
I am not using ITO.
Thanks
animesh
Did you take a backup?
6 REPLIES

Re: monitoring syslog

I run a script that remsh's to each server and grep's for keywords such as "error fail full unable terminat restart" etc... The context is fairly easy:
#############################
#!/usr/bin/sh
# Collect matching syslog lines from every server into a.out
for server in `cat server.list`
do
    for error in `cat error.list`
    do
        # Quote the keyword so the remote shell passes it to grep as one argument
        remsh "$server" "grep '$error' /var/adm/syslog/syslog.log" >> a.out
    done
done
#######################
Don't forget to put an entry in each .rhosts file on each server, including the one the script runs from, for the machine and the uid that will run it. Example:
myhp myuid

Do not use any plus + signs in the .rhosts file unless you don't care about security.

You need to put all your servers one-per-line in the server.list file, and any keywords you want to look for in error.list.
Denver Osborn
Honored Contributor

Re: monitoring syslog

You could set it up so that the syslogd on one system will send the messages to another system. Then you could monitor one system's syslog for multiple systems.

Use the @host option in the /etc/syslog.conf file then execute: kill -HUP `cat /etc/syslog.pid` to reread the changes made to syslog.conf

# man 1M syslogd
Kofi ARTHIABAH
Honored Contributor

Re: monitoring syslog

I would rather go with Denver's option - and in addition to that, you can have a script that greps for particular keywords "fail|error|warn|alert|" and sends an e-mail to you.

e.g.
egrep -i 'fail|error|warn|alert' /var/adm/syslog/syslog.log | mail -s "syslog error/fail messages" yourself@your.domain.com
nothing wrong with me that a few lines of code cannot fix!
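
An added example, not code from any poster in this thread: a daily scan of the central syslog file that Denver's forwarding setup would produce, using the keyword match from Kofi's reply but reporting only lines that are new since the previous run, counted per host. The function names, the state file and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report only the syslog lines that are new since the last run.
# No trailing "|" in the pattern: an empty alternative can match every line.
PATTERN='fail|error|warn|alert'

# new_matches LOG STATE: print new lines of LOG matching PATTERN, then store
# the line count reached in STATE (hypothetical state file, one number).
new_matches() {
    log=$1; state=$2; seen=0
    total=$(wc -l < "$log" | tr -d ' ')
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    # A log shorter than the saved offset was rotated: start from the top.
    if [ "$seen" -gt "$total" ]; then seen=0; fi
    awk -v s="$seen" -v t="$total" 'NR > s && NR <= t' "$log" |
        grep -E -i "$PATTERN" || [ $? -eq 1 ]   # exit 1 = no match, not an error
    echo "$total" > "$state"
}

# host_summary: count matching lines per host. Assumes the usual layout
# "Mon DD HH:MM:SS host tag: message", so the host is field 4.
host_summary() {
    awk '{ n[$4]++ } END { for (h in n) print h, n[h] }' | sort
}

# Constructed sample lines, as a central loghost would collect them.
sample_log() {
    cat <<'EOF'
Mar  3 02:10:01 web1 cron[412]: job started
Mar  3 02:11:45 db1 vmunix: vxfs: write error on /dev/vg01/lvol3
Mar  3 02:12:09 web1 sshd[977]: Failed password for root from 192.0.2.10
Mar  3 02:15:30 db1 su: WARNING: su attempt failed for oracle
EOF
}

# Demo: first run reports everything, second run reports nothing new.
demo() {
    dir=$(mktemp -d) || return 1
    sample_log > "$dir/syslog.log"
    new_matches "$dir/syslog.log" "$dir/state" | host_summary
    new_matches "$dir/syslog.log" "$dir/state" | host_summary
    rm -rf "$dir"
}
demo
```

Run from cron, the output of `new_matches` can be piped to `mail -s` as in the reply above, so each day's message contains only that day's new matches.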