-
Notifications
You must be signed in to change notification settings - Fork 0
bacam/piperlog
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
The typical use of the piperlog and logmerge packages is to regularly provide summaries of the system logs by email. The packages don't force a default setup for this, so here's a example. First, we need to produce the file of patterns to ignore. This can be produced from an existing logcheck installation. It uses the "discard" file in /etc/piperlog/discard to get rid of logcheck patterns that you don't want. piper:~# piperlog-mkignore > /etc/piperlog/ignore We add a new user, initialise the "offsets" file which tells logmerge where to start reading the logs from (and which logs to read) and set up a cron job to generate the summaries. piper:~# adduser --system --ingroup adm piperlog Adding system user `piperlog'... Adding new user `piperlog' (101) with group `adm'. Creating home directory `/home/piperlog'. piper:~# logmerge-mkoffsets /var/log/auth.log /var/log/syslog > /var/lib/logmerge/offsets piper:~# chown -R piperlog.adm /var/lib/logmerge/ piper:~# crontab -e -u piperlog /etc/piperlog/ignore 5 */4 * * * ([email protected]; export REPLYTO; logmerge | piperlog | mail -s "some.example.com log summary at `date`" [email protected]) Minor points: - piperlog uses pcre "Perl compatible" regular expressions (see pcrepattern(1)) rather than egrep "extended" regular expressions. There are few differences. I found that the \< and \> word end sequences are not present, and repetitions are fussy about the preceeding part of the regexp (eg., r+{2,3} is not allowed). In the logcheck rules I looked at these were only used by mistake, so they don't matter.
About
Log summary generator
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published