Sergiusz Michalski wrote:

> Hi!
>
> Maybe you hav any good idea how to detect any new changes maked in
> /var/log/messages and write it to new separate file. Any script???
>
> I've tried to use diff program but I need to have 2 files to compare so I
> don't think that this is an optional solution.
>
> Thanks for all advices.
>
> Serge M.


I've never used either, but "Unix System Administration Handbook" (E. Nemeth
et al., ISBN 0-13-020601-6) recommends swatch and logcheck for analyzing
logs. Quote: "While swatch can process an entire file in a single bound,
it's primarily intended to be left running so that it can review new
messages as they arrive, a la tail -f"