You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Henri Gomez <he...@gmail.com> on 2005/06/28 11:03:59 UTC

Monitoring HTTP error logs

Hi to all,

Did you know a tools on Unix/Linux system, which should be able to
monitor in real-time the error_log of Apache2 servers and for example,
send email/syslog message when a [error] string is detected ?

Regards and thanks for your help

Re: Monitoring HTTP error logs

Posted by Paul A Houle <ph...@cornell.edu>.

William A. Rowe, Jr. wrote:

>
>Offhand, no, but I'd suggest looking at Piped Log scripts.
>This would be pretty trivial to do (even looking for very
>specific messages or masking out other common occurances.)
>The messages can then be written to one or more log file, 
>as well.
>
>See the ErrorLog documentation for pipe syntax, and rotatelogs
>or logresolve for additional examples.
>  
>
    Another possibility is to,  more or less,  write a script that does 
the same thing as 'tail -f',  or alternately a script that runs 
periodically and keeps track of the position it left off at in the log.

Re: Monitoring HTTP error logs

Posted by Henri Gomez <he...@gmail.com>.

hehe, mais be even better, good point

2005/6/28, William A. Rowe, Jr. <wr...@rowe-clan.net>:
> At 04:03 AM 6/28/2005, Henri Gomez wrote:
> >Hi to all,
> >
> >Did you know a tools on Unix/Linux system, which should be able to
> >monitor in real-time the error_log of Apache2 servers and for example,
> >send email/syslog message when a [error] string is detected ?
> 
> Offhand, no, but I'd suggest looking at Piped Log scripts.
> This would be pretty trivial to do (even looking for very
> specific messages or masking out other common occurances.)
> The messages can then be written to one or more log file,
> as well.
> 
> See the ErrorLog documentation for pipe syntax, and rotatelogs
> or logresolve for additional examples.
> 
> Bill
> 
>

Re: Monitoring HTTP error logs

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

At 04:03 AM 6/28/2005, Henri Gomez wrote:
>Hi to all,
>
>Did you know a tools on Unix/Linux system, which should be able to
>monitor in real-time the error_log of Apache2 servers and for example,
>send email/syslog message when a [error] string is detected ?

Offhand, no, but I'd suggest looking at Piped Log scripts.
This would be pretty trivial to do (even looking for very
specific messages or masking out other common occurances.)
The messages can then be written to one or more log file, 
as well.

See the ErrorLog documentation for pipe syntax, and rotatelogs
or logresolve for additional examples.

Bill

Re: Monitoring HTTP error logs

Posted by Henri Gomez <he...@gmail.com>.

well I've got now a plenty of tools to evaluate.

Thanks to all of you

2005/6/30, Rich Bowen <rb...@rcbowen.com>:
> Henri Gomez wrote:
> > Hi to all,
> >
> > Did you know a tools on Unix/Linux system, which should be able to
> > monitor in real-time the error_log of Apache2 servers and for example,
> > send email/syslog message when a [error] string is detected ?
> >
> > Regards and thanks for your help
> 
> Actually the Apache error log supports logging directly to syslog. In
> the ErrorLog directive, say 'syslog' or 'syslog local7' or something
> like that, rather than the location of your log file, and then set
> LogLevel to 'error'. That should do exactly what you ask for.
> 
> --Rich
>

Re: Monitoring HTTP error logs

Posted by Rich Bowen <rb...@rcbowen.com>.

Henri Gomez wrote:
> Hi to all,
> 
> Did you know a tools on Unix/Linux system, which should be able to
> monitor in real-time the error_log of Apache2 servers and for example,
> send email/syslog message when a [error] string is detected ?
> 
> Regards and thanks for your help

Actually the Apache error log supports logging directly to syslog. In
the ErrorLog directive, say 'syslog' or 'syslog local7' or something
like that, rather than the location of your log file, and then set
LogLevel to 'error'. That should do exactly what you ask for.

--Rich

Re: Monitoring HTTP error logs

Posted by Ian Holsman <li...@holsman.net>.

Henri Gomez wrote:
> Hi to all,
> 
> Did you know a tools on Unix/Linux system, which should be able to
> monitor in real-time the error_log of Apache2 servers and for example,
> send email/syslog message when a [error] string is detected ?
> 
> Regards and thanks for your help
> 

look for a tool called 'logtail' '
It will remember the last position it was in the file its tailing (and 
start from there the next time).

I also have some perl scripts which do counts on regex matches in error 
logs.
I can scratch around for you if SEC/Swatch isn't working out.

regards
Ian

Re: Monitoring HTTP error logs

Posted by Ivan Ristic <iv...@gmail.com>.

On 6/28/05, Henri Gomez <he...@gmail.com> wrote:
> Hi to all,
> 
> Did you know a tools on Unix/Linux system, which should be able to
> monitor in real-time the error_log of Apache2 servers and for example,
> send email/syslog message when a [error] string is detected ?

Try SWATCH (http://swatch.sourceforge.net/) or SEC (Simple Event
Correlator, http://kodu.neti.ee/~risto/sec/). The later is more
complex but significantly more powerful.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org