Logsurfer is a program for monitoring system logs in
real-time, and reporting on the occurrence of events. It
is similar to the well-known swatch program on
which it is based, but offers a number of advanced
features which swatch does not support.

Logsurfer is capable of grouping related log entries
together – for instance, when a system boots it usually
creates a high number of log messages. In this case,
logsurfer can be setup to group boot-time messages
together and forward them in a single Email message to the
system administrator under the subject line “Host xxx has
just booted”. Swatch just couldn't do this properly.

Logsurfer is written in C – this makes it extremely
efficient, an important factor when sites generate a high
amount of log traffic. I have used logsurfer at a site
where a logging server was recording more than 500,000
events per day – and Logsurfer had no trouble keeping up
with this load. Swatch, on the other hand, is based on
perl and runs into trouble even when dealing with a much
smaller rate of log traffic.

Neat little tool from Kerry Thompson.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe

