Alert Manager was created to run an (alert) command, monitor the status of that command's output, and guarantee that if something goes wrong it won't go unnoticed. Alert Manager has been successfully deployed in several Fortune 500 companies, providing guaranteed alert delivery and command execution. It has a very flexible configuration file that allows creation of "alert chains" - chains of commands, each with their own fallback command, failure command, timeout, retry counter, and other advanced options. It has a method for passing messages from the command line into the various commands defined in the configuration file, and many other useful features. Alert Manager is licensed under the GPL.
Logdog is a tool that monitors messages passing through syslogd and takes action based on key words and phrases. Logdog has a configuration file which allows you to specify a list of key words or phrases to alert on, and a list of commands that can be run when those words are encountered. Logdog is licensed under the GPL.
swatch (the “Simple WATCHer”) does. swatch, written 100% in Perl, monitors logs as they're being written to and takes action when it finds something you've told it to look for. This simple, flexible and useful tool is a must-have for any healthily fearful system administrator.
Central Loghost Mini-HOWTO

This page is simply a collection of open source tools you can use to glue together your own centralized (syslog) loghost. Included are example configuration settings so that you can configure your loghost in a manner similar to mine. There is very little that you need to read and understand in order to use these tools. Also, these tools are widely used and therefore easy to get help with on internet mailing lists.

I established a centralized location for syslog collection in order to facilitate:

- Log reporting
  - real time alerting
  - periodic (several times per day) summary reporting
- Log storage
  - long term archival for possible later analysis

Tools used:

- UNIX hosts (Linux and Solaris)
- Modified logcheck script(s)
- Syslog-NG
- Swatch, though I'm slowly moving to SEC; this page will be updated once I've completely switched
- Splunk for a GUI interface
- Stunnel
Splunk is a popular Linux web application that gives IT administrators a bird's-eye view of their log files, or more appropriately, a bee's-eye view. Not only will it index and chart log file events in a beautifully rendered web format, but it also allows a