<br clear="all">---<br>Hey! Hey! You! You! Get off of my cloud!<br><a href="http://news.cnet.com/8301-13578_3-20002423-38.html">http://news.cnet.com/8301-13578_3-20002423-38.html</a><br>
<br><br><div class="gmail_quote">On Fri, Dec 3, 2010 at 14:25, Rich Mahn <span dir="ltr"><<a href="mailto:rich@lat.com">rich@lat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">Donald Russell <<a href="mailto:russell.don@gmail.com">russell.don@gmail.com</a>> wrote:<br>
<br>
> I have an application that uses the logger -t <tag> command to add<br>
> specific messages in /var/log/messages. I'd like to add those in a<br>
> section of its own in the logwatch report but am having trouble<br>
> following the information in /usr/share/doc/logwatch-7.3 in the HOWTO<br>
> doc.<br>
> I added my new script/filter<br>
> /etc/logwatch/scripts/services/myfilter<br>
> myfilter is one simple awk command:<br>
> awk '{ if ("mytag:" == $5) { print; }}'<br>
</div>> I added the config file for it...A /etc/logwatch/conf/myfilter.conf<br>
<div class="im">> Title = "My App Messages"<br>
> LogFile = messages<br>
> I also tried a more explicit, LogFile = /var/log/messages<br>
> What else do I need to do? when I add a test message to the log with<br>
> logger -t mytag this is a test<br>
> then run logwatch, I'm not seeing the test message in the report<br>
> What did I miss?<br>
> Thank you.<br>
><br>
<br>
</div>It's complicated--there are many many options and, since it's perl scripts,<br>
there's many ways to do it.<br>
<br>
The myfilter.conf file gives options for pre-processing your log file.<br>
Look at /usr/share/logwatch/default.conf/services/*.conf for examples.<br>
Look at arpwatch.conf for a simple example. Note the "OnlyService" and<br>
the "RemoveHeaders" lines. They are probably similar to what you want<br>
if you are pulling lines from /var/log/messages.<br>
<br>
Then look at some files in /usr/share/log/watch/scripts/service.<br>
I like the 'afpd' as an example of how to grab data from the lines<br>
you are looking at.<br>
<br>
In your /etc/logwatch/scripts/services directory, make sure the<br>
permissions are 644 -- they are not executable.<br>
<br>
This should be enough to get you started. Report back with more specific<br>
problems for more specific help.<br>
<br>
Good luck<br>
<font color="#888888"><br>
<br>
Rich<br>
</font></blockquote></div><br><br>Thanks Rich,<br><br>I followed the examples, but when I tried "logwatch --service myfilter" I was getting an error:<br> Logwatch does not know how to process service: myfilter<br>
<br>I solved THAT by correcting the name of myfilter in /etc/logwatch/conf/services from myfilter to myfilter.conf<br><br>Now it's working.... now I can concentrate on the actual report. :-)<br><br>Cheers!<br><br>So, for anybody else looking to add a report section in logwatch<br>
<br>your filter config file goes here: /etc/logwatch/conf/services and must be named <service>.conf<br>the actual filter goes here: /etc/logwatch/scripts/services and must be named <service><br><br>Where <service> is whatever you want to call it... it just has to be the same in both places... makes sense.<br>
<br>Then logwatch --service <service> will produce your report.<br><br>The filter itself is assumed to be written in Perl, so use Perl syntax in your filter script. Apparently you can configure a different language in the .conf file, but I didn't bother figuring that out... it was simpler to do what I need in Perl than to figure out the nuances of Logwatch configuration. ;-)<br>
<br>Now that I've actually done it once, it seems pretty simple... so why did it appear so complicated in the doc? hmmm.<br><br><br>
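The naming rule summarized above can be checked before running logwatch. The shell function below is an added example, not part of the original thread or of Logwatch itself; the name check_logwatch_service and its optional base-directory argument are assumptions, and it inspects only the /etc/logwatch tree the post describes.

```shell
#!/bin/sh
# Added example: verify the layout described in the thread for a custom service:
#   <base>/conf/services/<service>.conf   and   <base>/scripts/services/<service>
# Usage: check_logwatch_service <service> [base]   (base defaults to /etc/logwatch)
# check_logwatch_service is a hypothetical helper name, not a Logwatch command.
check_logwatch_service() {
    svc=$1
    base=${2:-/etc/logwatch}
    conf_dir=$base/conf/services
    script_dir=$base/scripts/services
    rc=0

    if [ -z "$svc" ]; then
        echo "usage: check_logwatch_service <service> [base]" >&2
        return 2
    fi

    if [ -f "$conf_dir/$svc.conf" ]; then
        # The config in the post sets Title and LogFile; warn if LogFile is absent.
        if ! grep -Eiq '^[[:space:]]*LogFile[[:space:]]*=' "$conf_dir/$svc.conf"; then
            echo "WARN: $conf_dir/$svc.conf has no 'LogFile =' line"
            rc=1
        fi
    elif [ -f "$conf_dir/$svc" ]; then
        # The exact mistake from the thread: config saved without the .conf suffix.
        echo "FAIL: $conf_dir/$svc should be named $svc.conf"
        rc=1
    else
        echo "FAIL: missing $conf_dir/$svc.conf"
        rc=1
    fi

    if [ ! -f "$script_dir/$svc" ]; then
        echo "FAIL: missing $script_dir/$svc (script name must equal the service name)"
        rc=1
    elif [ -n "$(find "$script_dir/$svc" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        # The reply in the thread asks for mode 644; flag a filter others can modify.
        echo "WARN: $script_dir/$svc is group- or world-writable (expected 644)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $svc"
    return "$rc"
}
```

Source the file and run check_logwatch_service myfilter; a non-zero return means at least one FAIL or WARN line was printed.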