On Fri, Mar 22, 2002 at 11:54:44AM -0600, Bob Tanner wrote:
> Make sure logcheck is installed, by default it runs through the logs once a day
> and emails you a report. It's very chatty. At Real Time we have had to turn down
> the chattiness.

the thing I hate about logcheck is that in order to configure it, you need
to be a Perl coder, and spend at least an hour figuring out the organization
of the scripts (give you a hint, the files in /etc/log.d/conf don't actually
configure much. you have to edit the scripts themselves, in
/etc/log.d/scripts)

swatch is 100 times easier to configure; but seems more oriented towards
real-time log watching. it can be configured to send alert mails, tho, so it
may be reasonable to:
- log everything to /var/log/syslog
- rotate that file out with logrotate periodically
- run swatch over that file you just rotated out.

(what logcheck does is remember the point in the file it last checked up to,
rather than have to start on a fresh file each time to avoid duplicate
alerts).

hmmm, I may have to experiment with that.

Carl Soderstrom.
-- 
Network Engineer
Real-Time Enterprises
www.real-time.com
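
An added example, not part of the original message and not logcheck's or swatch's own code: one way to implement the "remember the point in the file it last checked up to" behaviour described above, so that repeated runs over /var/log/syslog do not produce duplicate alerts and a logrotate rotation is detected. The function names, the JSON state file and the alert patterns are assumptions made for illustration.

```python
import json
import os
import re

# Constructed patterns for illustration; tune them to your own logs.
ALERT_PATTERNS = [re.compile(p) for p in (r"Failed password", r"authentication failure")]

def read_new_lines(log_path, state_path):
    """Return complete lines appended to log_path since the previous call."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (OSError, ValueError):
        state = {"inode": None, "offset": 0}  # first run or unreadable state

    st = os.stat(log_path)
    offset = state["offset"]
    # A different inode or a smaller file means the log was rotated or
    # truncated, so the saved offset belongs to another file: start over.
    if state["inode"] != st.st_ino or st.st_size < offset:
        offset = 0

    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    # Consume only complete lines; a partial last line waits for the next run.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", "replace").splitlines()

    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"inode": st.st_ino, "offset": offset + end}, fh)
    os.replace(tmp, state_path)  # atomic update so a crash cannot corrupt state
    return lines

def alerts(lines, patterns=ALERT_PATTERNS):
    """Return the lines that match any alert pattern."""
    return [ln for ln in lines if any(p.search(ln) for p in patterns)]
```

Run from cron, the output of `alerts(read_new_lines(...))` is what would go into the report mail; lines written to the old file between the last run and the rotation are only seen if the rotated file is scanned as well.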