The Linux logwatch package operates on a "these patterns are okay, these patterns are bad, anything else is unmatched, here's those ones" basis.
There are many modules for different daemons. It might be a good starting point. On Sat, Aug 22, 2015 at 10:16 AM Edward Ned Harvey (lopser) < lop...@nedharvey.com> wrote: > I am surprised nobody had a "just use this product" or "just google for > this search term" response - > > Let me describe a little more what I'm looking for - > > So you create a VM, and turn on apache. Of course it has a default config > file, including a default number of MPM preforks and threads and so on. > These things should be tweaked based on the memory your website requires > per thread, and the amount of ram you have, and number and type of > processors. If you have the numbers too small, and you get a lot of > traffic, then a bunch of users will get "page cannot be displayed" and you > won't know about it, unless you know what to search for in your logs. If > you set the numbers too high, you can become processor or memory starved. > This might cause terrible response times or OOM errors to appear in logs, > which again, result in some percentage of users getting "page cannot be > displayed," and you don't know about it unless you know what to search for > in logs. > > We already have monitoring and alerting systems that tell us if CPU load > thresholds get exceeded, or memory thresholds exceeded. We have systems > that periodically (every minute) download pages from the server, and alert > us if they don't get the expected results. > > So I'm confident we'll be alerted if the server(s) go down completely, or > become CPU or memory starved. I'm not sure if we're monitoring response > time - I can look into it - But if we've configured the MPM resources too > small (or anything else) we'll have error messages appearing in the logs, > and go undetected. Meanwhile users will be affected, and we're not alerted. > > In Microsoft, the event viewer filters all the critical and failure alerts > for you. Apache generates strings in the log file such as "Fatal error: Out > of memory (allocated 786432) (tried to allocate 24576 bytes)" > > I am certain somebody already itemizes all the common or important error > messages that could appear in logs, to separate them from all the noise. > Virtually every line in the access_log and error_log are non-fatal, > non-important, just saying that some requested file doesn't exist, or does > exist, or stuff like that. > > There's got to be a good way to search all the logs, regularly, to find > messages that need attention. > > The same idea applies to apache, mysql, syslog, I don't know what else. > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ >
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
