| 1 |
Apparently, though unproven, at 22:41 on Monday 22 November 2010, Stroller did |
| 2 |
opine thusly: |
| 3 |
|
| 4 |
> On 22/11/2010, at 8:29am, Lubos Kolouch wrote: |
| 5 |
> > Stroller, Fri, 19 Nov 2010 22:06:57 +0000: |
| 6 |
> >> On 19/11/2010, at 8:45pm, Fatih Tümen wrote: |
| 7 |
> >>> I just want to beware of anything unusual instantly, preferably by |
| 8 |
> >>> email. This is a single or two user laptop. |
| 9 |
> >> |
| 10 |
> >> I've been meaning for some time to look for something like this myself. |
| 11 |
> >> I'm personally only interested in messages from the RAID controller, and |
| 12 |
> >> I'm not sure that I'm a high-risk for intrusion, but I do want to know |
| 13 |
> >> about it *immediately* if a drive fails, so that ideally I can pop into |
| 14 |
> >> the store on the way home and pick up a new disk to replace the one that |
| 15 |
> >> failed. |
| 16 |
> > |
| 17 |
> > Seems to me like a use case for nagios |
| 18 |
> |
| 19 |
> This makes it appear waaay overkill for my purposes: |
| 20 |
> http://www.nagios.org/about/screenshots |
| 21 |
> |
| 22 |
> All I want is a simple email notification when $string appears in the log. |
| 23 |
> |
| 24 |
> I'm actually a little surprised that there isn't a syslogger which can |
| 25 |
> parse stuff as it writes it out, and thus perform actions, such as |
| 26 |
> mailing. I'm assuming there isn't, since no-one has mentioned it. |
| 27 |
> |
| 28 |
> Stroller. |
| 29 |
|
| 30 |
|
| 31 |
syslog-ng-3.2 with the new patterndb |
| 32 |
|
| 33 |
It doesn't do it out of the box, you have to write the pattern match |
| 34 |
(conceptually similar to a regex) and you have to pipe the output to a script |
| 35 |
which mails you, but it can be done. |
| 36 |
|
| 37 |
Or you could just use OSSEC where *all* the heavy lifting above has been done. |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
alan dot mckinnon at gmail dot com |
Archives