[nylug-talk] watch a file (realtime) on remote machine

[H. G.]

On 4/26/07, Chandhee Thala <cthala at gmail.com> wrote:
> hello,
>
> We have two boxes, "secure" and "insecure". We have several people with
> access to insecure, but only a few people can acccess secure.
>
> There are several (log) files on secure that need to be accessed by these
> people. So I wrote a script to mirror them via rsync in cron. That allows
> them to see all the logs, but they can be delayed by up to a minute.
>
> Is there a way to do these realtime? Someone told me to use
> tail+logger+syslogd, which I *think* can be done, but if there is some tool
> that does this natively, please let me know.
>
> (Unfortunately, the original log files on "secure" are not written by
> syslogd, but by some in-house tools that does not go through the syslog
> facility. If they did, I could have easily mirrored them in realtime).
>
> Thank you.
> C

Why not have a central logging system, and use groups to allow access
to specific log files
as needed?

I would also suggest metalog; metalog provides you greater control
over splitting incoming input
from various apps to different destinations (log files or otherwise).

You can filter your sources by a facility, urgency, program name, or
even via regular expressions
(Perl-compatible, no less).  Now once your log files are filtered and
split as you like, set permissions
on the files you want viewable by the "insecure" folk and then perhaps
use something like lighttpd or
thttpd to allow the "insecure" group to view the log files over the web.

At this point, I'm going to don my flak helment and prepare for the
holy pillar of fire coming my way
for suggesting that ppl view log files raw in their web browsers.

And yet another solution is Splunk (www.splunk.com), which is probably
the easiest most
convenient solution for you.  It indexes your mass of logs, and
_should_ allow you to set permissions
on whos allowed to see what.