On Mon, 2018-08-13 at 10:13 +1200, Richard Hector wrote:
> On 13/08/18 05:57, Jim Popovitch wrote:
> > Interesting. I'm using it via a cron script like so:
> >
> > * * * * * grep "unusual" /opt/logs/* | /opt/notify.sh `hostname`;
>
> I don't know what's in notify.sh, but it looks to me like you're
> going to get notified every minute for all the unusual log entries,
> whether you've already seen them or not?

That was just an example of what I'm doing. In reality logtail's in
there, but it made the example line too long.

> Have you looked at logcheck or other similar existing solutions?

Yes, I use logcheck religiously, despite the absolute lack of logcheck
rules maintenance that exists in most packages not installed on a
default system (looking at you nginx, postfix, bind9, cron, clamav*,
openvpn, dovecot, opendmarc, monit, and openntpd). I'd submit the
improvements to the appropriate maintainers, but I dislike rejection. ;-)

-Jim P.