[wellylug] Problem with attachment

[Daniel Pittman]

Jethro Carr <jethro.carr at jethrocarr.com> writes:
> On Wed, 2009-03-04 at 11:09 +1100, Daniel Pittman wrote:
>> Another solution is to use a tool like 'logcheck', packaged, which is
>> designed to read your system logs and email you the interesting parts.
>> 
>> That would save you manually filtering the boring parts of the mail log,
>> as well as handling the reading, emailing and so forth for you.
>
> Another log monitoring program option is called logwatch, which is
> installed by default on redhat-style distributions.

It is.  Personally, I think we should all print a copy of the logwatch
source code and ceremonially burn it, just in case we are ever tempted
to actually /use/ it.

Seriously, I can't warn you against logwatch strongly enough: it is
built around the worst possible model of log monitoring.

The design is to go through and tell you things.  All sorts of things,
none of which you care about, because you want to know about all the
routine operations that your server carried out.


I am yet to find an installation of logwatch that the emails are not,
after a week or two, ignored by the admins because the noise to signal
ratio means that they get *nothing* out of them.

>> Finally, you might want to look at a log summary tool; since you didn't
>> specify the MTA I don't suggest any specific tool, but rather that there
>> are plenty of options that will read your logfile and report statistics
>> and problems to you.
>
> As a side note, for anyone looking to monitor their mail server you can
> use the awstats web application to monitor usage & traffic. (awstats
> also does a very nice job of getting stats from apache logs)

It does.  Ensure that you don't put the CGI anywhere the public can see,
though, since it is a routine target for Google-search driven remote
exploits.

> Of course, the best solution is going to depend entirely on what you
> are trying to get out of the logs in the first place. :-)

Absolutely.
          Daniel