Monitoring any changes in /var/log/messages to file

Post by Sergiusz Michalsk » Sat, 12 Jul 2003 17:57:37



Hi!

Maybe you have any good idea how to detect any new changes made in
/var/log/messages and write them to a new separate file. Any script???

I've tried to use the diff program, but I need to have 2 files to compare, so I
don't think that this is an optional solution.

Thanks for all the advice.

Serge M.

 
 
 


Post by Bit Twiste » Sat, 12 Jul 2003 23:39:22



> Hi!

> Maybe you have any good idea how to detect any new changes made in
> /var/log/messages and write them to a new separate file. Any script???

> I've tried to use the diff program, but I need to have 2 files to compare, so I
> don't think that this is an optional solution.

Untested code follows:

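if [ ! -e /tmp/msg.old ] ; then        # day1 create reference file
  sum /var/log/messages > /tmp/msg.old
fi

sum /var/log/messages > /tmp/msg.sum   # checksum of the log as it is now
diff /tmp/msg.sum /tmp/msg.old         # compare with the saved checksum
if [ $? -ne 0 ] ; then                 # non-zero exit: checksums differ, log changed
  cp /var/log/messages /some/where/messages_$(date +%F_%H_%M)
  cp /tmp/msg.sum /tmp/msg.old         # current checksum becomes the new reference
  mail -s "/var/log/messages changed" root < /dev/null
fi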

 
 
 


Post by Sergiusz Michalsk » Sun, 13 Jul 2003 01:01:35


That's it, thx




> > Hi!

> > Maybe you have any good idea how to detect any new changes made in
> > /var/log/messages and write them to a new separate file. Any script???

> > I've tried to use the diff program, but I need to have 2 files to compare, so I
> > don't think that this is an optional solution.

> Untested code follows:

> if [ ! -e /tmp/msg.old ] ; then        # day1 create reference file
>   sum /var/log/messages > /tmp/msg.old
> fi

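> sum /var/log/messages > /tmp/msg.sum   # checksum of the log as it is now
> diff /tmp/msg.sum /tmp/msg.old         # compare with the saved checksum
> if [ $? -ne 0 ] ; then                 # non-zero exit: checksums differ, log changed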
>   cp /var/log/messages /some/where/messages_$(date +%F_%H_%M)
>   cp /tmp/msg.sum /tmp/msg.old
>   mail -s "/var/log/messages changed" root < /dev/null
> fi

 
 
 


Post by V. Turne » Mon, 14 Jul 2003 10:40:10



> Hi!

> Maybe you have any good idea how to detect any new changes made in
> /var/log/messages and write them to a new separate file. Any script???

> I've tried to use the diff program, but I need to have 2 files to compare, so I
> don't think that this is an optional solution.

> Thanks for all the advice.

> Serge M.

I've never used either, but "Unix System Administration Handbook" (E. Nemeth
et al., ISBN 0-13-020601-6) recommends swatch and logcheck for analyzing
logs.  Quote: "While swatch can process an entire file in a single bound,
it's primarily intended to be left running so that it can review new
messages as they arrive, a la tail -f"
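
An added example, not part of any post in this thread: the checksum script above copies the whole log whenever it changes, while the original question asks for only the new entries. This sketch remembers the byte offset already seen and appends just the newer bytes to a separate file, starting over when the log is rotated or truncated. The function name capture_new, the state-file format and the three paths are assumptions of this example.

```shell
#!/bin/sh
# capture_new LOG STATE OUT
# Append to OUT only the bytes added to LOG since the previous call.
# STATE stores "<inode> <offset>" from the last run (format is this example's own).
capture_new() {
    log=$1 state=$2 out=$3
    [ -r "$log" ] || return 2

    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')

    old_inode='' old_off=0
    if [ -r "$state" ]; then
        read -r old_inode old_off < "$state" || true
    fi
    # Treat a missing or non-numeric offset (damaged state file) as "nothing seen".
    case $old_off in ''|*[!0-9]*) old_off=0 ;; esac

    # Rotated (different inode) or truncated (smaller than before): start over,
    # otherwise the saved offset would point into unrelated data.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$old_off" ]; then
        old_off=0
    fi

    if [ "$size" -gt "$old_off" ]; then
        # tail -c +N is 1-based; head -c stops at the size measured above, so
        # bytes written while we run are picked up by the next call instead.
        tail -c "+$((old_off + 1))" "$log" | head -c "$((size - old_off))" >> "$out"
    fi
    printf '%s %s\n' "$inode" "$size" > "$state"
}

# Run as a script (e.g. from cron) with: LOG STATE OUT
if [ "$#" -eq 3 ]; then
    capture_new "$@"
fi
```

Keep the state and output files in a directory only root can write to, since /tmp is world-writable and anyone able to replace the state file can make the script skip or re-read entries.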
 
 
 
