Where to insert a script to generate a report from auth.log just before rotating it?
tony.arnold at manchester.ac.uk
Thu Sep 21 13:05:39 UTC 2006
On Thu, 2006-09-21 at 11:33 +0100, Adam Funk wrote:
> On 2006-09-21, Paul Dwerryhouse <paul at dwerryhouse.com.au> wrote:
> > On Wed, Sep 20, 2006 at 04:56:42PM +0100, Adam Funk wrote:
> >> A while back on another list I was advised that auth.log (and syslog
> >> and a few others) are rotated by /etc/cron.weekly/sysklogd. I'm now
> >> interested in running a Perl program to generate a report from
> >> auth.log just before each rotation.
> > Wouldn't it be better to run the script on the file after it has been
> > rotated (using its new filename, auth.log.0)? If you do it before it's
> > rotated, then syslog will still be writing to the file and you might
> > miss some information.
> Thanks for the excellent suggestion! I'll do it this way:
I used to do this kind of thing on a different operating system many
years ago (OpenVMS). What I did then was to process the log file on a
daily basis and extract just the previous 24 hours' worth of records and
produce a daily report. You could do this by processing the auth.log* files
and extracting the relevant entries using some regular expressions.
It would have the advantage of producing a daily report rather than a
report whenever the files get rotated and would be completely
independent of the sysklogd script. It is a bit more coding to produce
the report though.
I guess it all depends on what you are trying to achieve.
Just my thoughts.
Tony Arnold <tony.arnold at manchester.ac.uk>
University of Manchester
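
An added example, not part of the original message or of sysklogd: one way to pull the previous 24 hours of entries out of the auth.log* files with regular expressions and summarise failed SSH logins. The function names, the OpenSSH message wording matched here and the sample lines are assumptions made for illustration; the year-less syslog timestamp is resolved against the time the report runs, which matters when the window spans New Year.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Traditional syslog line: "Sep 21 13:05:39 host program[pid]: message" (no year).
LINE_RE = re.compile(r"^(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
# Assumed OpenSSH failed-login wording; other services word theirs differently.
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_stamp(stamp, now):
    """Attach a year to a year-less syslog timestamp, using `now` as reference."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        except ValueError:          # e.g. "Feb 29" in a non-leap year
            continue
        if ts <= now + timedelta(minutes=5):   # tolerate small clock skew
            return ts               # a later date must belong to last year
    return None

def last_24h(lines, now):
    """Yield (timestamp, message) for entries in the 24 hours before `now`."""
    start = now - timedelta(hours=24)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue                # continuation or corrupt line
        ts = parse_stamp(m["stamp"], now)
        if ts is not None and start <= ts <= now:
            yield ts, m["msg"]

def failed_logins(lines, now):
    """Count failed SSH password attempts per (user, source address)."""
    counts = Counter()
    for _, msg in last_24h(lines, now):
        m = FAIL_RE.search(msg)
        if m:
            counts[(m["user"], m["ip"])] += 1
    return counts

# Constructed sample standing in for auth.log.0 followed by auth.log.
SAMPLE = """\
Dec 30 09:00:00 box sshd[101]: Failed password for root from 192.0.2.10 port 4000 ssh2
Dec 31 23:50:00 box sshd[102]: Failed password for invalid user test from 192.0.2.10 port 4001 ssh2
Dec 31 23:55:00 box sshd[103]: Failed password for root from 192.0.2.10 port 4002 ssh2
Jan  1 00:10:00 box sshd[104]: Accepted password for adam from 198.51.100.7 port 4003 ssh2
Jan  1 00:20:00 box sshd[105]: Failed password for root from 192.0.2.10 port 4004 ssh2
""".splitlines()
```

Run daily from cron, this would read the current and most recently rotated files in order and pass `datetime.now()` as `now`, so the report does not depend on when the rotation happens.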