I'm looking for a way to monitor my logfiles while selectively ignoring noise, i.e. entries that *I* understand and am not worried about.
This sounds like logcheck's mandate, except that logcheck seems to be more geared towards letting package maintainers define rules for filtering normal entries. For instance, there are a number of rules in ignore.d.paranoid that filter out unsuccessful mail delivery attempts that I don't want. Since these files are managed by the Debian package system, I don't want to edit them directly, for fear of having all my changes overwritten at the next upgrade.
I'm getting the feeling that I should just roll my own solution, but I thought I'd ask first if there were alternative packages or other more elegant approaches I should look at. Would it be appropriate to try building something on top of syslog-ng's filter rules?
Ian