Re: improving signal to noise ratio from centralized network syslogs

[James Bensley <jwbensley () gmail com>]

On 5 February 2018 at 18:57,  <valdis.kletnieks () vt edu> wrote:
> On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> > I have no knowledge of syslog-ng.  Does it do the
> > real time scrolling like I mention?
>
> Use 'tail -f' or similar.

The only problem is that with BASH based solutions is that they are
slow. They don't scale well.

Some years ago I wrote a script that would periodically (every 5
minutes by default) grep for interesting events / filter uninteresting
events from the syslog file and email you the results. It's here if
anyone is interested: https://null.53bits.co.uk/index.php?page=sysgrep

It's OK for a small network or small number of devices but it doesn't
scale well. Having said that, it's better than nothing and costs $0
(which exactly why I used it in the first place).

Cheers,
James.