[Logcheck-users] Problems noted in logcheck
Ross Boylan
RossBoylan at stanfordalumni.org
Wed May 19 20:05:44 UTC 2010
On Wed, 2010-05-19 at 10:30 -0500, Frank_Kenisky at psc.uscourts.gov wrote:
> We use logcheck in our systems. From time to time during what appears
> to be large volumes of information I get emails with current and
> sometimes dated traffic. Recently, we had a change to the system
> which created quite a lot of 404 traffic.
>
> I don't have a specific log analysis tool but use my own home grown
> tool.
>
> I have all the emailed log files go to a log folder in my email
> client. They are separated by server, this way I can gather all the
> entries for a specific server and save them to a text file. I run a
> script to eliminate the email headers and other noise not associated
> with the logs. I then import this into excel which I have a macro set
> up to change it from text to data.
>
> Therefore the logs are from the current 24 hours period. Once in a
> while after a huge amount of traffic, usually caused by something we
> did or didn't do seems to cause this. My question is has any one
> experienced this with log check in the past of it retrieving old
> traffic from somewhere in syslog, if so where might it be coming
> from?
I think I've noticed that if logcheck doesn't run, or fails, the later
runs will play catch up. Perhaps the high load could be causing runs to
fail.
This doesn't sound as if it's your problem, but I thought I'd throw it
out.
Ross Boylan
More information about the Logcheck-users
mailing list