On Sat, Oct 07, 2006 at 10:07:29 -0400, Robert C. Sanchez wrote: > On Sat, Oct 07, 2006 at 09:23:03AM -0400, Ian D. Leroux wrote: > > I'm looking for a way to monitor my logfiles while selectively > > ignoring > > noise, i.e. entries that *I* understand and am not worried about. > > > > This sounds like logcheck's mandate, except that logcheck seems to be > > more geared towards letting package maintainers define rules for > > filtering normal entries. For instance, there are a number of rules > > in > > ignore.d.paranoid that filter out unsuccesful mail delivery attempts > > that I don't want. Since these files are managed by the debian > > package > > system, I don't want to edit them directly, for fear of having all my > > changes overwritten at next upgrade. > > > > I'm getting the feeling that I should just roll my own solution, but I > > thought I'd ask first if there were alternative packages or other more > > elegant approaches I should look at. Would it be appropriate to try > > building something on top of syslog-ng's filter rules? > > > What I have done it place a file into /etc/logcheck/ignore.d.paranoid/ > called local and symlinked into ignore.d.server and ignore.d.workstation > where I can define my own rules. That way, I get the benefit of > logcheck ignoring the stuff I want ignored, and I also need not worry > about it being overwritten on upgrade.
As I understand it, that's a mechanism to ignore *more* than the default. Does it give me a way to ignore *less*, short of manually deleting the existing rule files? Ian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
