[afnog] syslog levels

Scott Weeks surfer at mauigateway.com
Mon Aug 6 20:31:53 UTC 2007



--- regnauld at x0.dk wrote:
From: Phil Regnauld <regnauld at x0.dk>
Scott Weeks (surfer) writes:
> 
> Then you won't have to type the above every time.  You can
> call your shell script, say, "logwatch" and then all you 
> have to do is go to the directory and type "./logwatch".  
> Be sure your permissions are set properly: "chmod u+x logwatch"
> 

: So far I agree, but consider using something like "swatch" for this part:
:
: http://swatch.sourceforge.net/



I never heard of this utility and just looked it up.  It appears that this is good when you know what you're looking for as it'll email, or whatever, you when the situation occurs.  What I mentioned is good for just watching to see what's happening in general.  It looks like these tools would complement each other, but one would not replace the other.

I use what I mentioned for my router logs, as well.  I send *everything* (debug and up from every router) to a syslog server using, say, "facility local7" and have it go into /var/log/router.log by using the /etc/syslog.conf file.  I then "tail -f" and pipe into "egrep -v" the file and let the command run continuously throughout the day.  

Every so often I go to the window and look at everything that has happened since the last time I looked.  I demarc what I've already looked at by hitting the spacebar several times.  This creates an easy to find space when scrolling upward by putting in several blank lines.  Everything below the space has not been looked at.  It really ticks off the NOC critters (who are use-GUI-tools-only to their core) because I can see everything and their GUI tools inevitably filter out something or another that they weren't aware of that's important to fix.

I don't understand use-GUI-tools-only people and they don't understand me.  Whatever...

scott
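
The workflow described in the message above (local7 into /var/log/router.log, then "tail -f" piped through "egrep -v"), written out as an added example that is not part of the original post. The exclusion-file layout, the function names and the sample log lines are constructed assumptions; the one failure mode it guards against is a blank line in the exclusion list, which would hide every log line.

```shell
#!/bin/sh
# Added example; paths, patterns and sample lines are constructed assumptions.
# Classic /etc/syslog.conf entry sending local7, debug and up, to one file
# (older syslogd wants a TAB, not spaces, between selector and action):
#   local7.debug    /var/log/router.log

ROUTER_LOG="${ROUTER_LOG:-/var/log/router.log}"

# Print the usable patterns from exclusion file $1: drop "#" comment lines
# and blank lines. A blank line is an empty regex that matches every line,
# so "grep -v" would silently suppress the whole log.
clean_patterns() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$1"
}

# Read log lines on stdin and print everything NOT matching a pattern in $1.
# "grep -E" is the current spelling of egrep.
filter_noise() {
    pats=$(clean_patterns "$1") || return 1
    if [ -z "$pats" ]; then
        cat                                   # nothing to exclude: show all
    else
        # grep exits 1 when it prints nothing; only exit >1 is a real error
        grep -E -v -e "$pats" || [ "$?" -eq 1 ]
    fi
}

# Constructed sample lines in the style of router syslog messages.
sample_lines() {
cat <<'EOF'
Aug  6 20:01:02 rtr1 101: %SYS-6-CLOCKUPDATE: System clock has been updated
Aug  6 20:03:10 rtr2 102: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
Aug  6 20:03:11 rtr2 103: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Aug  6 20:05:44 rtr1 104: %SYS-5-CONFIG_I: Configured from console by vty0
EOF
}

# ./logwatch follow /path/to/exclusions   -> live view, runs until Ctrl-C
# ./logwatch demo   /path/to/exclusions   -> same filter over the sample lines
case "${1:-}" in
    follow) tail -f "$ROUTER_LOG" | filter_noise "${2:?exclusion file required}" ;;
    demo)   sample_lines | filter_noise "${2:?exclusion file required}" ;;
esac
```
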


