6.6 References and Further Study

There are a number of other free programs available that perform system log monitoring. For example, the logwatch program, available from http://www.logwatch.org/, is free and now comes installed with many Linux systems. Unlike Oak, it allows you to write customized filters that condense information into any kind of message you desire. However, the notification options are limited and the configuration is a bit tricky.

A very popular log monitoring tool is Swatch, available from http://swatch.sourceforge.net/. Swatch is similar to Oak in that it uses a simple configuration language based on regular expressions, and each regular expression can trigger a notification. The advantage Swatch has over Oak is that it is much more widely used and has been around a lot longer, making it a more stable and reliable tool. Oak allows for much more flexibility in notification options than Swatch does, and it has a few more features, but as a younger piece of software, it is not nearly as tried and true. If you encounter bugs or other problems with Oak, send a detailed description of the problem to bug-ktools@mit.edu.

The remote syslog protocol that allows syslogs to be sent between machines is described in RFC 3164. The options for the syslogd program and the syslog.conf file can be found in the Unix man pages for syslogd and syslog.conf, respectively. Regular expression syntax is described in the Unix man pages regex and regexp, and there are books available on regular expressions, such as Mastering Regular Expressions (O'Reilly and Associates, 2002) by Jeffrey Friedl.



Open Source Network Administration
ISBN: 130462101
Year: 2002
Pages: 85