I find that when something goes wrong at a low level on one of my linux servers, I can see messages about it in the kernel ring buffer. These can be viewed from the command line using the dmesg command.
I am wondering if there is an easy way to get my servers to email me whenever something is added to the kernel ring buffer?
Right now I have a script that runs every hour, makes a copy of the output of dmesg and runs a diff against the file from the previous hour. Unfortunately this doesn't work so well, because as lines are appended to the end of the dmesg output, other lines are truncated from the beginning. Also, if I have alot of the same message, it just stops notifying me altogether.
-
Is there a better way of doing this?
-
Does anyone else think it is important to see these messages when they happen?
added
- is the information reported by the dmesg command the same as that in one of the logfiles? (If so, then the solution is easier than I thought)
Best Answer
There are a number of tools designed to gather this information and report it regularly.
I find the Lire tool (from the LogReport system) to be a good reporting tool, but you may also be interested in Logcheck and Logwatch. All are free software and can be installed directly from most major GNU/Linux package repositories.