Take a look at OSSEC (http://ossec.net). It's really a Host-Based Intrusion Detection Engine, but will watch whatever log files you specify and will match entries in those files against rulesets and can take action based on the entries. Sounds like it might be something that would work for you.
Good Luck
~k

On Mon, 2013-11-04 at 17:28 +0000, James R Grinter wrote:
> I'm looking for a Unix log monitoring script that is functional and
> straightforward to configure.
>
> (I've just wasted an afternoon with the latest version of 'swatch' that I
> can find, from April 2013. Its configuration seems so brittle and hard to
> debug and I don't really have the time to dig deeper into its byzantine
> "create a Perl script on the fly" behaviour to understand why my attempt at
> a simple configuration generates errors like [sh: -c: line 0: unexpected EOF
> while looking for matching `"'])
>
> I have a number of different log files, each of which may report different
> things of interest to me, so I'm ideally looking for a tool that can be
> configured with multiple configuration files (e.g. one per log file). But I
> don't really want to have to manage many different services/running daemons
> in order to do that (SEC - Simple Event Correlator - may be able to do this,
> but the online tutorial makes configuring it look very complicated.)
>
> I'm not really looking for a tool as complex and powerful as Splunk or
> Graylog, either. Something that can watch a log file, match a pattern, and
> execute a command is all I need right now.
>
> James.
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
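
A sketch of how the OSSEC suggestion maps onto the "watch a log file, match a pattern, execute a command" requirement, as an added example that is not part of the original thread. The log paths, the match string, rule ID 100100 and the script name `notify-backup.sh` are assumptions chosen for illustration; paths assume a default install under /var/ossec.

```xml
<!-- /var/ossec/etc/ossec.conf (fragment): several log files, one agent -->
<ossec_config>
  <!-- One <localfile> entry per monitored log (paths are hypothetical) -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/backup.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/myapp/app.log</location>
  </localfile>

  <!-- The command to run; the script (hypothetical name) must live in
       /var/ossec/active-response/bin and be executable -->
  <command>
    <name>notify-backup</name>
    <executable>notify-backup.sh</executable>
    <expect></expect>
    <timeout_allowed>no</timeout_allowed>
  </command>

  <!-- Run the command on the local host whenever rule 100100 fires -->
  <active-response>
    <command>notify-backup</command>
    <location>local</location>
    <rules_id>100100</rules_id>
  </active-response>
</ossec_config>

<!-- /var/ossec/rules/local_rules.xml: the pattern to match.
     IDs from 100000 upward are the range reserved for user-defined rules. -->
<group name="local,backup,">
  <rule id="100100" level="7">
    <match>backup failed</match>
    <description>Backup job reported a failure (constructed example)</description>
  </rule>
</group>
```

A rule can be checked against a sample log line with `/var/ossec/bin/ossec-logtest` before restarting OSSEC, which avoids the kind of blind debugging described in the original question.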