nanog mailing list archives

Re: improving signal to noise ratio from centralized network syslogs

From: "Scott Weeks" <surfer () mauigateway com>
Date: Mon, 5 Feb 2018 10:55:27 -0800



--- shane () short id au wrote:

In addition to that, you can use some fancy awk colour 
coding, so you can make it highlight certain lines based 
on content.. I use this for my e-mail logs, but I’m sure 
it could be adapted:

tail -n 1000 -f /var/log/mail-submission.log | grep smtp.*relay | awk '
    /sent/ {print "\033[32m" $0 "\033[39m"}
    /bounced/ {print "\033[31m" $0 "\033[39m"}
    /deferred/ {print "\033[33m" $0 "\033[39m"}
----------------------------------------------------


The main thing for me is to find things that 
your network is doing that you weren't aware 
of.  Not normal things you want to see that 
a monitoring system will alert you about.

scott

Current thread:

Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 03)
- Re: improving signal to noise ratio from centralized network syslogs Tarko Tikan (Feb 04)
  - Re: improving signal to noise ratio from centralized network syslogs Jippen (Feb 04)
- Re: improving signal to noise ratio from centralized network syslogs Shane Short (Feb 04)
- Re: improving signal to noise ratio from centralized network syslogs Brian Knight (Feb 05)
- <Possible follow-ups>
- Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 05)
  - Re: improving signal to noise ratio from centralized network syslogs valdis . kletnieks (Feb 05)
    - Re: improving signal to noise ratio from centralized network syslogs James Bensley (Feb 05)
    - Re: improving signal to noise ratio from centralized network syslogs valdis . kletnieks (Feb 05)
    - Re: improving signal to noise ratio from centralized network syslogs John Kougoulos (Feb 06)
- Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 05)