Logger.pl By Patricio D. Anguita (pdazero@yahoo.com) Usage: perl logger.pl < [input file] > [output file] Example: perl logger.pl analysis.log Platforms: Well, its written in Perl so... Description: This utility examines certain types of logs, watching for keywords and extracting interesting lines as it builds a smaller, and easily reading log analysis. If the same error repeats itself, the script will count the number of repetitions and output it between brackets at the end of the line. Its designed to work with files in the /var/log/ dir, like 'messages','secure', etc. It is specially useful when run from the crontab once a day on the combined syslog of many servers, e.g., you have configured all your servers to send syslog information to one host, so that logging is centralized. For example, take this script: #!/bin/sh #***************************************************************************** # chklog.sh # Parses every log under /var/log/syslog directory with logger.pl # And mails results to root #***************************************************************************** DATE=`date +%d%m%y` for file in auth.log daemon.log kernel.log mail.log do if [ -f /var/log/syslog/$file ] then echo "***********"$file"***********" >> /var/log/syslog/out.tmp /usr/bin/logger.pl < /var/log/syslog/$file >> /var/log/syslog/out.tmp mv /var/log/syslog/$file /var/log/syslog/$file.$DATE fi if [ ! -f /var/log/syslog/$file.$DATE ] then echo "Problems with logs." | mail root@somehost.edu fi done kill -HUP `cat /var/run/syslogd.pid` cat /var/log/syslog/out.tmp | mail -s "logger $DATE" root@somehost.edu rm /var/log/syslog/out.tmp #***************************************************************************** It will get auth.log, daemon.log, kernel.log & mail.log parsed & mailed. Then you can add a line on the root crontab to do the checking once a day, like this: #***************************** # Check the logs 55 23 * * * /usr/bin/chklog & #***************************** Licence: This package is to be copied freely as long as it remains intact. I hold no responsability whatsoever for what the package could do wrong. Comments are deeply appreciated, just send an email. -Pda