Apparently, though unproven, at 22:41 on Monday 22 November 2010, Stroller did
opine thusly:

> On 22/11/2010, at 8:29am, Lubos Kolouch wrote:
> > Stroller, Fri, 19 Nov 2010 22:06:57 +0000:
> >> On 19/11/2010, at 8:45pm, Fatih Tümen wrote:
> >>> I just want to beware of anything unusual instantly, preferably by
> >>> email. This is a single or two user laptop.
> >>
> >> I've been meaning for some time to look for something like this myself.
> >> I'm personally only interested in messages from the RAID controller, and
> >> I'm not sure that I'm a high-risk for intrusion, but I do want to know
> >> about it *immediately* if a drive fails, so that ideally I can pop into
> >> the store on the way home and pick up a new disk to replace the one that
> >> failed.
> >
> > Seems to me like a use case for nagios
>
> This makes it appear waaay overkill for my purposes:
> http://www.nagios.org/about/screenshots
>
> All I want is a simple email notification when $string appears in the log.
>
> I'm actually a little surprised that there isn't a syslogger which can
> parse stuff as it writes it out, and thus perform actions, such as
> mailing. I'm assuming there isn't, since no-one has mentioned it.
>
> Stroller.


syslog-ng-3.2 with the new patterndb

It doesn't do it out of the box, you have to write the pattern match
(conceptually similar to a regex) and you have to pipe the output to a script
which mails you, but it can be done.

Or you could just use OSSEC where *all* the heavy lifting above has been done.


--
alan dot mckinnon at gmail dot com
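
The "script which mails you" end of the pipeline described above, as an added example that is not part of the original message or of syslog-ng: it reads log lines on stdin, mails the ones that match, and rate-limits so a log flood does not become a mail flood. The pattern, addresses, interval and the local MTA on port 25 are assumptions for illustration.

```python
"""Read log lines on stdin and mail the ones that match a pattern."""
import re
import smtplib
import sys
import time
from email.message import EmailMessage

# All values below are assumptions for illustration, not from the thread.
PATTERN = re.compile(r"raid|degraded|drive .*fail", re.IGNORECASE)
MAIL_FROM = "syslog@localhost"
MAIL_TO = "root@localhost"
MIN_INTERVAL = 300  # seconds between mails, so a log flood is not a mail flood


class Throttle:
    """Allow one alert per interval and count what was suppressed."""
    def __init__(self, interval):
        self.interval = interval
        self.last_sent = None
        self.suppressed = 0

    def allow(self, now):
        if self.last_sent is not None and now - self.last_sent < self.interval:
            self.suppressed += 1
            return False
        self.last_sent = now
        return True


def build_alert(line, suppressed=0):
    """Build the mail; CR/LF are stripped so log text cannot add headers."""
    msg = EmailMessage()
    msg["From"], msg["To"] = MAIL_FROM, MAIL_TO
    msg["Subject"] = "log alert: " + re.sub(r"[\r\n]+", " ", line).strip()[:80]
    msg.set_content(f"{line.rstrip()}\n\n({suppressed} matching lines suppressed since last mail)\n")
    return msg


def main():
    throttle = Throttle(MIN_INTERVAL)
    for line in sys.stdin:  # the logger keeps this pipe open, one message per line
        if PATTERN.search(line) and throttle.allow(time.monotonic()):
            with smtplib.SMTP("localhost") as smtp:  # assumes a local MTA on port 25
                smtp.send_message(build_alert(line, throttle.suppressed))
            throttle.suppressed = 0


if __name__ == "__main__":
    main()
```

The subject line is built from log content that remote or unprivileged processes can influence, which is why line breaks are removed before it becomes a header.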