Recipe 9.37 Defining a logwatch Filter
9.37.1 Problem
You want logwatch to print reports for a service it does not support.
9.37.2 Solution
Create your own logwatch filter for that service or log file. Suppose you have a service called foobar that writes to the log file /var/log/foobar.log.
Create /etc/log.d/conf/logfiles/foobar.conf containing:
    LogFile = /var/log/foobar.log
    Archive = foobar.log.*
    ...
Create /etc/log.d/conf/services/foobar.conf containing:
    LogFile = foobar
Create /etc/log.d/scripts/services/foobar. This is a script (Perl, shell, etc.) that matches the desired lines in foobar.log and produces your desired output. logwatch automatically strips the datestamps from syslog-format output, so your script needn't do this.
9.37.3 Discussion
logwatch is more a framework than a log parser. In fact, all parsing is done by auxiliary scripts in /etc/log.d/scripts/services, so for unsupported services, you must write your own scripts. You might think, "Hey, if I have to write these scripts myself, what's the value of logwatch?" The answer is convenience, as well as consistency of organization. It's helpful to have all your log groveling scripts together under one roof. Plus logwatch supplies tons of scripts; use them as examples for writing your own.
To integrate a given service into logwatch, you must define three files:
- A logfile group configuration file
  Found in /etc/log.d/conf/logfiles, it defines where the service's logs are stored.
- A service filter executable
  Found in /etc/log.d/scripts/services, it must read log entries from standard input and write whatever you like on standard output.
- A service filter configuration file
  Found in /etc/log.d/conf/services, it defines the association between the above two files. It specifies that the above-mentioned logs will be fed to the above-mentioned filter.
Our recipe uses minimal configuration files. Plenty of other options
are possible.
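An added example, not from the original recipe or the logwatch distribution: a shell service filter of the kind described above, reading log entries on standard input and printing a summary on standard output. The foobar message formats, the function names foobar_filter and sample_lines, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Hypothetical service filter for the recipe's "foobar" service, meant to be
# saved as /etc/log.d/scripts/services/foobar. Assumption: entries arrive as
# bare messages in the formats matched below; adapt the patterns to your logs.

# Read log entries on stdin and write one summary line per finding on stdout.
foobar_filter() {
  # Log content is attacker-influenced: replace control characters so a
  # crafted entry cannot inject escape sequences into the report.
  LC_ALL=C tr -c '[:print:]\n' '?' |
  awk '
    /^login failed for user [^ ]+ from / { failed[$5]++; next }
    /^daemon (started|stopped)$/         { life[$2]++;   next }
    /^ *$/                               { next }
    { unmatched[$0]++ }   # report unknown lines instead of dropping them
    END {
      for (u in failed)    printf "failed-login user=%s count=%d\n", u, failed[u]
      for (e in life)      printf "lifecycle event=%s count=%d\n", e, life[e]
      for (l in unmatched) printf "unmatched count=%d line=%s\n", unmatched[l], l
    }' | LC_ALL=C sort
}

# Constructed sample input (not real log data).
sample_lines() {
  cat <<'EOF'
daemon started
login failed for user alice from 192.0.2.10
login failed for user bob from 192.0.2.11
login failed for user alice from 192.0.2.10
config reloaded by admin
daemon stopped
EOF
}

case "${0##*/}" in
  foobar) foobar_filter ;;                 # installed as the filter: read stdin
  *)      sample_lines | foobar_filter ;;  # any other name: demo on the sample
esac
```

Reporting unmatched lines keeps new or unexpected message types visible in the report until a pattern is written for them.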
9.37.4 See Also
/usr/share/doc/logwatch*/HOWTO-Make-Filter documents the full syntax of logwatch filters.