[osiris] Monitoring of log files
Dave
dave at terriblelies.net
Thu Mar 13 13:10:12 EDT 2008
Mark Weishaar wrote:
> For compliance reasons, we need to monitor the syslog files on our
> central syslog server to make sure that they are not modified.
>
> It has been suggested to us that we only monitor the log files that have
> been rotated (which we are doing along with compression on a daily
> basis). The problem I am having is that I do not want to be notified
> when a "new" log file is rotated - I only want to know if one of the
> logs that has been rotated is changed/modified.
>
> Is this a plausible scenario using Osiris?
You can accomplish this through a filter.
In the CLI you can edit the filters using the 'edit-filters' command.
You then create a regex that matches the line you do not want to be
notified for. Example:
\[new\]\[\/var\/log\/.*\.log\]
-dave
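A way to check a filter like the one above before relying on it for compliance alerts, as an added example that is not part of the original message or of Osiris. The notification line layout, the `cmp` tag, search-style matching and the `ROTATED_VARIANT` pattern are assumptions; substitute lines copied from real Osiris notifications.

```python
import re

# Filter regex exactly as given in the reply above.
FILTER_FROM_REPLY = r"\[new\]\[\/var\/log\/.*\.log\]"

# Hypothetical variant (not from the thread): also covers compressed
# rotated names and keeps the path match inside one bracketed field.
ROTATED_VARIANT = r"\[new\]\[/var/log/[^\]]+\.log(\.gz)?\]"

# Constructed notification lines. The [host][event][path] layout and the
# "cmp" tag for a changed file are assumptions, not Osiris output.
SAMPLE = [
    "[loghost][new][/var/log/archive/auth-20080312.log]",
    "[loghost][new][/var/log/archive/auth-20080311.log.gz]",
    "[loghost][cmp][/var/log/archive/auth-20080310.log][checksum]",
    "[loghost][new][/etc/cron.d/job]",
]

def split(pattern, lines):
    """Partition lines into those the filter would drop and those delivered.
    Assumes the filter matches anywhere in the line (search semantics)."""
    rx = re.compile(pattern)
    out = {"suppressed": [], "delivered": []}
    for line in lines:
        out["suppressed" if rx.search(line) else "delivered"].append(line)
    return out

def hidden_changes(pattern, lines):
    """Suppressed lines that are NOT new-file events. This must be empty,
    otherwise the filter hides the modifications being monitored for."""
    dropped = split(pattern, lines)["suppressed"]
    return [line for line in dropped if "[new]" not in line]

if __name__ == "__main__":
    for name, pat in (("reply", FILTER_FROM_REPLY), ("variant", ROTATED_VARIANT)):
        result = split(pat, SAMPLE)
        print(name, "suppresses", len(result["suppressed"]), "of", len(SAMPLE))
        for line in result["delivered"]:
            print("  still delivered:", line)
        print("  hidden changes:", hidden_changes(pat, SAMPLE))
```

With these constructed lines, the pattern from the reply drops the `.log` new-file event but still delivers the `.log.gz` one, so the filter has to be matched to the actual rotation naming scheme.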