Monitoring specific string or keyword in rotating log files. Post 302436707 by zaxxon on Tuesday 13th of July 2010 02:14:07 AM
There is a package called swatch which has plenty of features for such purposes.
Just google for "swatch log file monitoring" for download, guides etc.
 

audfilter(1m)

NAME
    audfilter - A dcecp object that manages the event filters on a DCE host

SYNOPSIS
    audfilter catalog
    audfilter create audit_filter_name_list -attribute guide_name_list
    audfilter delete audit_filter_name_list
    audfilter help [operation | -verbose]
    audfilter modify audit_filter_name_list {[-add guide_name_list] [-remove guide_name_list]}
    audfilter operations
    audfilter show audit_filter_name_list

ARGUMENTS
    A list of one or more names of audit event filters. A filter name consists of a filter type and possibly a key, depending on the type. The audit filter types are as follows:

        Key
        The key is a principal_name.
        The key is a /.../cellname/principal_name.
        The key is a group_name.
        The key is a /.../cellname/group_name.
        The key is a cellname.
        The key is a cellname.
        This type has no key.
        This type has no key.

    Examples of audit filter names are principal admin, group dce, and world.

    The name of the audfilter operation for which to display help information.

DESCRIPTION
    The audfilter object represents audit event filters, which consist of a list of guides. Audit event filters are kept by the audit daemon and used to determine whether an auditable event should be logged. An audit filter name consists of a filter type and possibly a key (dependent on the type).

    This command operates on the audit daemon named by the _s(aud) convenience variable. If the variable is not set, the command operates on the audit daemon on the local host.

DATA STRUCTURES
    Several audfilter operations add and remove guide data that is stored in a filter. A guide specifies which action to take when a particular audit condition occurs. A single filter can contain multiple guides, each specifying various actions for different conditions.

    A guide is identified by a list of the three elements that make up the guide: audit conditions, audit actions, and event classes. Essentially, a guide specifies what (event classes) to audit, when (audit conditions), and how (audit actions). Note that event classes are definable by the administrator.

    Audit Conditions
    The possible audit conditions are as follows:

        Audits only if the event succeeded.
        Audits only if the event failed due to access denials.
        Audits only if the event failed due to other reasons.
        Outcome not yet determined.

    Audit Actions
    The possible audit actions are as follows:

        Sends the audit record to the system console.
        Logs the event and signal the alarm. If all is set, the show operation returns the action all, not {log alarm all}.
        Logs the audit record either in the audit trail file of the Audit daemon or in a user-specified audit trail file.
        Takes no audit action.

OPERATIONS
    audfilter catalog
        Returns a list of names of all filters in the audit daemon. The syntax is as follows:

            audfilter catalog

        The catalog operation returns a list of names of all filters maintained by the audit daemon. It takes no arguments. The names are a list of a type and, if necessary, a key. They are returned in an arbitrary order.

        Privileges Required
        No special permissions are needed to use the audfilter catalog command.

        Examples
            dcecp> audfilter catalog
            {principal melman}
            {foreign_principal /.../cell_X/kevins}
            {group dce}
            world
            dcecp>

    audfilter create
        Creates a new audit filter. The syntax is as follows:

            audfilter create audit_filter_name_list -attribute guide_name_list

        Options
        Specifies a list of one or more guides to be added to the specified audit event filters that are created. A guide name consists of three elements: an event class, an audit condition, and an audit action. See DATA STRUCTURES for more information about guide names.

        The create operation creates a new audit filter. The argument is a list of names of audit filters to be created. Since a filter that has no guides is removed by the audit daemon during a clean-up ("garbage collection") phase, this command requires an -attribute option whose value is a list of guides to be added to the specified audit filters on creation. All guides are added to all audit filters specified to be created. This operation returns an empty string on success.

        Privileges Required
        You must have w (write) permission on the audit daemon, and you must be authenticated.

        Examples
            dcecp> audfilter create {principal melman} -attribute {dce_sec_query denial log}
            dcecp>

    audfilter delete
        Deletes the filter including all filter guides. The syntax is as follows:

            audfilter delete audit_filter_name_list

        The delete operation deletes the filter, including all filter guides. The argument is a list of names of audit filters to be deleted. This operation returns an empty string on success.

        Privileges Required
        You must have w (write) permission on the audit daemon, and you must be authenticated.

        Examples
            dcecp> audfilter delete {principal jones}
            dcecp>

    audfilter help
        Returns help information about the audfilter object and its operations. The syntax is as follows:

            audfilter help [operation | -verbose]

        Options
        Displays information about the audfilter object.

        Used without an argument or option, the audfilter help command returns brief information about each audfilter operation. The optional operation argument is the name of an operation about which you want detailed information. Alternatively, you can use the -verbose option for more detailed information about the audfilter object itself.

        Privileges Required
        No special privileges are needed to use the audfilter help command.

        Examples
            dcecp> audfilter help
            catalog       Returns the list of filters for an audit daemon.
            create        Creates a new filter with specified guides.
            delete        Deletes a filter and its associated guides.
            modify        Adds or removes one or more guides of a filter.
            show          Returns a list of guides in a specified filter.
            help          Prints a summary of command-line options.
            operations    Returns a list of the valid operations for this command.
            dcecp>

    audfilter modify
        Adds or removes one or more guides of a filter. The syntax is as follows:

            audfilter modify audit_filter_name_list {[-add guide_name_list] [-remove guide_name_list]}

        Options
        Specifies a list of one or more guides to be added to the specified audit event filters that are to be modified. A guide name consists of three elements: an audit condition, an audit action, and an event class. See DATA STRUCTURES for more information about guide names.

        Specifies a list of one or more guides to be removed from the specified audit event filters that are to be modified. A guide name consists of three elements: an audit condition, an audit action, and an event class. See DATA STRUCTURES for more information about guide names.

        The modify operation adds or removes one or more guides of a filter. The argument is a list of names of audit filters to be modified. In addition, the specific operation to perform is described with one or more of the following options: -add and -remove. The argument to both options is a list of guides. If more than one guide is specified, all guides are operated on, but not atomically.

        If the last guide is removed from a filter, the filter is deleted at some point by the audit daemon. Atomicity of multiple actions is not guaranteed. Similarly, the effect of adding a guide that partially exists in the specified filter is to change the existing guides. These changes guarantee that the semantics of the removal/addition are maintained. This operation returns an empty string on success.

        Privileges Required
        You must have w (write) permission on the audit daemon, and you must be authenticated.

        Examples
            dcecp> audfilter modify {principal jones} -add {dce_dts_mgt_modify failure alarm} -remove {dce_dts_mgt_query all log}
            dcecp>

    audfilter operations
        Returns a list of the operations supported by the audfilter object. The syntax is as follows:

            audfilter operations

        The list of available operations is in alphabetical order except for help and operations, which are listed last.

        Privileges Required
        No special privileges are needed to use the audfilter operations command.

        Examples
            dcecp> audfilter operations
            catalog create delete modify show help operations
            dcecp>

    audfilter show
        Returns a list of guides in a specified filter. The syntax is as follows:

            audfilter show audit_filter_name_list

        The show operation returns a list of guides in a specified filter. The argument is a list of filter names (a filter type, and if needed, a key) to be shown. If more than one is entered, the output is concatenated and a blank line inserted between filters.

        Privileges Required
        You must have r (read) permission on the audit daemon, and you must be authenticated.

        Examples
            dcecp> audfilter show {principal truitt}
            {dce_dts_mgt_modify failure alarm}
            {dce_dts_mgt_query all log}
            dcecp>

RELATED INFORMATION
    Commands: auditd(1m), dcecp(1m), dcecp_aud(1m), dcecp_audevents(1m), dcecp_audtrail(1m).

    Files: aud_audit_events(5), dts_audit_events(5), event_class(5), sec_audit_events(5).