Step 1. compile & install

make install

On some operating systems, it might be necessary to do one or more
of the following:

* Install gdbm as it is required.

* Define $CC to point to the C++ compiler, i.e.:

       export CC='g++'


Step 2. configure btail

Default configuration file:
db_bad = .btail_db_bad
db_good = .btail_db_good
db_conf = .btail_db_conf
logfile = /var/adm/messages

The db_... entries are the database files which are filled by blearn.
They are used as reference when btail calculates whether an event is
bad or good. logfile is the logfile which you want to monitor. As you
see, one needs a separate configuration file AND databases(!) for each
file to monitor.


Step 3. learn logging

blearn -g good_logging
blearn -b bad_logging

good_logging should contain events which are considered ok.
bad_logging should contain logging of events you want to see, e.g.
disk errors, invalid loggings, etc.


Step 4. use btail

btail

This will read the logfile defined in btail.conf and emit events
which are considered not-ok by the bayesian filter.
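
Added example (not part of btail and not its code): a generic naive
Bayes filter showing how learning from a good and a bad log, as in
step 3, leads to the not-ok decision in step 4. The tokenizer, Laplace
smoothing, equal priors, the threshold of 0 and all sample lines are
assumptions made for this illustration; btail's own scoring may differ.

```python
import math
import re
from collections import Counter

# Constructed sample lines (not real logs, not shipped with btail).
GOOD_LOG = [
    "sshd[812]: Accepted publickey for alice from 10.0.0.5 port 50122",
    "cron[1044]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[812]: session opened for user alice",
    "ntpd[377]: synchronized to 10.0.0.1, stratum 2",
]
BAD_LOG = [
    "kernel: sd 0:0:0:0: [sda] I/O error, dev sda, sector 123456",
    "sshd[901]: Failed password for invalid user admin from 203.0.113.7",
    "kernel: EXT4-fs error (device sda1): bad block bitmap checksum",
    "sshd[902]: Failed password for root from 203.0.113.7 port 4022",
]

def tokens(line):
    """Lower-case words; bare numbers (PIDs, ports, IPs) are dropped."""
    return re.findall(r"[a-z][a-z0-9_/-]*", line.lower())

def learn(lines):
    """Count token occurrences: the role the db_good/db_bad files play."""
    counts = Counter()
    for line in lines:
        counts.update(tokens(line))
    return counts

def bad_score(line, good, bad):
    """Log-odds that a line is bad (equal priors); > 0 means report it."""
    vocab = len(set(good) | set(bad))
    n_good, n_bad = sum(good.values()), sum(bad.values())
    score = 0.0
    for tok in tokens(line):
        # Laplace smoothing keeps unseen tokens from zeroing a probability.
        p_bad = (bad[tok] + 1) / (n_bad + vocab)
        p_good = (good[tok] + 1) / (n_good + vocab)
        score += math.log(p_bad / p_good)
    return score

def filter_log(lines, good, bad):
    """Return only the lines the model considers not-ok."""
    return [l for l in lines if bad_score(l, good, bad) > 0]
```

Tokens that appear in both logs (sshd, for, from) contribute little, so
the decision rests on words seen in only one of the two training files.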


--- folkert@vanheusden.com

Please support my opensource development: http://www.vanheusden.com/wishlist.php
