[osiris] Monitoring of log files
Mark Weishaar
mark.weishaar at nisc.coop
Thu Mar 13 14:56:16 EDT 2008
Dave,
Thanks for the help - that did the trick.
Mark
-----Original Message-----
Mark Weishaar wrote:
> For compliance reasons, we need to monitor the syslog files on our
> central syslog server to make sure that they are not modified.
>
> It has been suggested to us that we only monitor the log files that
> have been rotated (which we are doing along with compression on a
> daily basis). The problem I am having is that I do not want to be
> notified when a "new" log file is rotated - I only want to know if one
> of the logs that has been rotated is changed/modified.
>
> Is this a plausible scenario using Osiris?
You can accomplish this through a filter.
In the CLI you can edit the filters using the 'edit-filters' command.
You then create a regex that matches the line you do not want to be
notified for. Example:
\[new\]\[\/var\/log\/.*\.log\]
-dave
More information about the osiris
mailing list