- Some primitive log monitors "tail" log files using tail -f.
  This may leave them hanging when logs are turned over!
- Others sample the last few lines... also error-prone.
- Best practice is to "pipe" log messages to the monitor.
- /etc/syslog.conf specifies message routing.
- The same messages may be copied to more than one place; e.g.
  to a file, users' screens, or an application.
- To monitor messages about mail, one might use:
# Log to /var/log/maillog, as usual
mail.info	/var/log/maillog
# Also pipe the same messages to mailmon.pl (run as root!)
mail.info	|exec perl /usr/local/bin/mailmon.pl
- Because syslogd effectively "tees" output, log rotation causes
  no problems. However, compression can prevent timely reactions to messages.
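
A minimal stdin-driven monitor of the kind the |exec line feeds, added here as an example; it is written in Python and is not the page's mailmon.pl, whose contents the page does not show. The reject pattern, the threshold and window policy, and the sample lines are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Monitor meant to be started by syslogd through a '|exec' action."""
import re
import sys
from collections import defaultdict, deque

# Assumed pattern: sendmail-style reject lines carrying the relay address.
REJECT = re.compile(r"relay=.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*\breject=\d{3}")

# Constructed sample input (not taken from the page).
SAMPLE = [
    "Jan 12 03:14:01 mx1 sendmail[411]: ruleset=check_rcpt, relay=[192.0.2.10], reject=550 5.7.1 Relaying denied",
    "Jan 12 03:14:02 mx1 sendmail[412]: from=<b@example.org>, size=1204, relay=[203.0.113.5]",
    "Jan 12 03:14:03 mx1 sendmail[413]: ruleset=check_rcpt, relay=[198.51.100.7], reject=550 5.7.1 Relaying denied",
    "Jan 12 03:14:04 mx1 sendmail[414]: ruleset=check_rcpt, relay=[192.0.2.10], reject=550 5.7.1 Relaying denied",
    "Jan 12 03:14:05 mx1 sendmail[415]: ruleset=check_rcpt, relay=[192.0.2.10], reject=550 5.7.1 Relaying denied",
]

def monitor(lines, alert, threshold=3, window=100):
    """Read lines as they arrive; call alert(ip, count) when one relay is
    rejected `threshold` times within the last `window` messages."""
    recent = deque(maxlen=window)       # relay IP (or None) per message
    counts = defaultdict(int)
    seen = 0
    for line in lines:                  # blocks on the pipe: no tail, no polling
        seen += 1
        if len(recent) == window and recent[0] is not None:
            counts[recent[0]] -= 1      # oldest message leaves the window
        m = REJECT.search(line)
        ip = m.group("ip") if m else None
        recent.append(ip)
        if ip is not None:
            counts[ip] += 1
            if counts[ip] == threshold:
                alert(ip, counts[ip])
    return seen                         # EOF: syslogd closed its end of the pipe

def main():
    # Placeholder alert sink; a real monitor would page or mail someone.
    def alert(ip, n):
        print(f"ALERT: {n} rejected attempts from relay {ip}", flush=True)
    if sys.stdin.isatty():              # run by hand: use the constructed sample
        monitor(SAMPLE, alert)
    else:                               # run by syslogd: read the live stream
        monitor(sys.stdin, alert)

if __name__ == "__main__":
    main()
```

Because the script only reads standard input, rotating /var/log/maillog never affects it; it exits on end of input, when syslogd closes the pipe.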