Quoting DACross at nwc.edu (DACross at nwc.edu): > > Does anyone have any recommendations for log analysis? We're planning to > have one Linux machine collect syslog data for a number of servers but we > need something to weed through the VERY large log files that will be > generated. > > I thought I remembered some discussion about this a while ago so I searched > through the list archives, but didn't find anything. Any help would be > appreciated. Make sure logcheck is installed, by default it runs through the logs once a day and emails you a report. It's very chatty. At Real Time we have had to turn down the chattiness. Also, run swatch on your log files for real time notification/alters to issues. Just ssh to the loghost and keep swatch running all the time. -- Minneapolis St. Paul Twin Cities MN | Phone : (952)943-8700 http://www.mn-linux.org Minnesota Linux | Fax : (952)943-8500 Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9