Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Simple server monitoring: logwatch

Jerry Feldman wrote:
> ...for ultimate simplicity logwatch gives you a lot of information...

I use logwatch on to monitor my personal machines, and I have a
love-hate relationship with it. The good parts are that it is easy to
install, highly configurable, and not too hard to extend.

The bad part is that it has a poor "out of the box" experience, as
packaged by Debian/Ubuntu. The daily reports are too noisy. Filled with
things that are only informational. So after a while, you grow tired of
looking at them, they pile up, and then are completely ignored. So any
benefit is lost.

To make it useful you have to tune it to produce the informational
reports on a much lower frequency, like weekly, and have it send alerts
for the unexpected things as-needed.

The other down side is that the log filters bundled with logwatch
inevitably fall behind in their understanding of what messages other
packages generate. So you'll get an update to say smartd, and it'll
start logging some new message that the current smartd logwatch filter
doesn't recognize, so it gets reported as an anomaly. You then have to
file a bug[1], and either live with the noise, or fix the filter.


It's designed for batch processing logs, which limits how short of an
update period you can practically use, which means it isn't an
appropriate solution for a production server.


Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /