[Novalug] Redhat system alert syntax

Scott Musman musman@aug-sys.com
Thu Jan 8 17:37:44 EST 2009


Hi Ken,

It's impossible to know what you're really asking for, from the way you
phrased your question. 

But.. Just in case it is helpful, one source of example log messages
(most of which are things you don't want to see) can be found at:

 http://www.ossec.net/wiki/index.php/Log_Samples_Linux

It's horribly incomplete, and definately not Redhat specific. Depending
on how you have you system configured different "alerts" will be logged
to different places.

Also our Otto-mate tool looks for and detects most of the events shown
above, and many more (from various sources, not just syslog) and will on
report certain events or event patterns (i.e. too many xinetd failures,
or syslog itself being stopped, oversize events, authentication
failures, full file systems, etc.). All of these things were added at
different periods of time, and were poorly documented (doh!!), but.. If
it would really be of help to you, it should be possible to back-solve
most of them, and that's probably something I should do anyway :)

	- Scott



On Thu, 2009-01-08 at 20:45 +0000, Ken Kauffman wrote:
> Anyone know where I can get a comprehensive list of system alerts that can be generated by redhat v4 and v5 (generally located in syslog)?
> 
> To make a long story short, I'm working om a project where stock redhat is inside a 'black box' solution and the client will not certify the monitoring agent.  So I'm building a different integration that I need this syntax.
> 
> Any help would be appreciated.
> 
> Ken
> ----
> // sent via BlackBerry
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug




More information about the Novalug mailing list