4:17 a.m.
Hi there,
I'm new to epylog and am struggling with some things right now.
To be honest, I'm not sure which of the changes I made to epylog (on my
system) are useful to be made globally. There are two things we should
think about:
1. Is it right that epylog was originally wrote to run on various BSD
systems? If yes, this means: The default paths/regex-patterns are fitted
to those systems.
2. Epylog is 4 or 5 years old... just like the regex-patters. I think,
some of the usual log outputs changed meanwhile.
So, should we change all the default search-paths for the modules to fit
a modern linux system (let's say a debian lenny ;) )? And should we
likewise change the regex-patterns to work properly on such a system?
Just to give you an idea: the logins-module on debian lenny needs to
search in
files
= /var/log/mail.log[.#], /var/log/syslog[.#], /var/log/auth.log[.#]
the 'original' epylog searches in
files = /var/log/messages[.#], /var/log/secure[.#]
which is completely different.
Suggestions?
Regards,
Micha vor dem Berge
9:21 a.m.
See responses inline/below.
Micha vor dem Berge wrote:
Hi there,
I'm new to epylog and am struggling with some things right now.
Welcome to the epylog community! I've certainly struggled with some
things related to epylog.
<snip>
So, should we change all the default search-paths for the modules to
fit
a modern linux system (let's say a debian lenny ;) )? And should we
likewise change the regex-patterns to work properly on such a system?
Just to give you an idea: the logins-module on debian lenny needs to
search in
files
= /var/log/mail.log[.#], /var/log/syslog[.#], /var/log/auth.log[.#]
the 'original' epylog searches in
files = /var/log/messages[.#], /var/log/secure[.#]
which is completely different.
These 'original' epylog files are used on fedora/redhat systems.
I'm
not familiar enough with BSD or the history of epylog to know why it's
set up that way. I also don't know how much log messages have changed,
but most of the core ones work well on our redhat installations (RHEL
3-5). I have created some new modules for yum, up2date, sudo, and
selinux, but logins and email work "out of the box".
Suggestions?
Find which log files are needed for each module, and update the conf
file in /etc/epylog/modules.d/. You should only have to do this once.
As to whether other log sources are included in epylog, I'll leave that
up to others. Using mail as an example, would there be a performance
hit (and if so, how much of one) to tell epylog to search for both
/var/log/mail.log[.#] and /var/log/maillog[.#]?
Jeremy
--
: Jeremy Kindy
: System Administrator
: Wake Forest University
: Red Hat Certified Engineer, RHEL5
:
: email - kindyjd(a)wfu.edu
: work - 336-758-3076
: cell - 336-782-8500
--
10:44 a.m.
2009/9/24 Micha vor dem Berge <m(a)mcvdb.de>:
1. Is it right that epylog was originally wrote to run on various
BSD
systems? If yes, this means: The default paths/regex-patterns are fitted
to those systems.
No, it was written first to run on RHEL3 and RHEL4 machines (which is
what we used at Duke Physics at the time).
So, should we change all the default search-paths for the modules to
fit
a modern linux system (let's say a debian lenny ;) )? And should we
likewise change the regex-patterns to work properly on such a system?
Just to give you an idea: the logins-module on debian lenny needs to
search in
files
= /var/log/mail.log[.#], /var/log/syslog[.#], /var/log/auth.log[.#]
the 'original' epylog searches in
files = /var/log/messages[.#], /var/log/secure[.#]
which is completely different.
Suggestions?
My idea was to change Epylog to define log sources separately from
modules. For example, in sources.xml you would specify:
<sources>
<log id="mail">
<location>/var/log/mail.#</location>
<location>/varlog/maillog.#</location>
</log>
</sources>
or, in .ini style (I'll take it over xml format any day):
[mail]
sources = /var/log/mail.#, /var/log/maillog.#
[login]
sources = /var/log/secure.#, /var/log/messages.#
In the modules you would just which source is required (by id),
instead of listing log sources directly. This would dramatically
simplify tailoring to other OSes -- you would then have a contributed
logs.fedora or logs.debian, and drop them into /etc/epylog without
having to modify all module configs.
Cheers,
--
Konstantin Ryabitsev
Montréal, Québec
11:42 a.m.
Am Donnerstag, den 24.09.2009, 11:44 -0400 schrieb Konstantin Ryabitsev:
2009/9/24 Micha vor dem Berge <m(a)mcvdb.de>:
> 1. Is it right that epylog was originally wrote to run on various BSD
> systems? If yes, this means: The default paths/regex-patterns are fitted
> to those systems.
No, it was written first to run on RHEL3 and RHEL4 machines (which is
what we used at Duke Physics at the time).
Seems like there are more RHEL users (like Jeremy) and epylog behaves
still very docile. That's good!
> So, should we change all the default search-paths for the
modules to fit
> a modern linux system (let's say a debian lenny ;) )? And should we
> likewise change the regex-patterns to work properly on such a system?
>
>
> Just to give you an idea: the logins-module on debian lenny needs to
> search in
> files
> = /var/log/mail.log[.#], /var/log/syslog[.#], /var/log/auth.log[.#]
>
> the 'original' epylog searches in
> files = /var/log/messages[.#], /var/log/secure[.#]
> which is completely different.
>
> Suggestions?
My idea was to change Epylog to define log sources separately from
modules. For example, in sources.xml you would specify:
<sources>
<log id="mail">
<location>/var/log/mail.#</location>
<location>/varlog/maillog.#</location>
</log>
</sources>
or, in .ini style (I'll take it over xml format any day):
[mail]
sources = /var/log/mail.#, /var/log/maillog.#
[login]
sources = /var/log/secure.#, /var/log/messages.#
In the modules you would just which source is required (by id),
instead of listing log sources directly. This would dramatically
simplify tailoring to other OSes -- you would then have a contributed
logs.fedora or logs.debian, and drop them into /etc/epylog without
having to modify all module configs.
I like that idea except two things:
1. Having a separate sources-file in addition to the existing config
file for each module is not that easy to understand for new epylog users
(but if everything works out-of-the-box a user won't care anyway).
2. This is a first step to do a special treatment for every linux
distribution. This may be tiring later on.
Still I like the idea.
The problem of the regex-patters still exists...
Regards,
Micha
5361
days inactive
5372
days old
4 comments
3 participants
participants (3)
-
Jeremy Kindy -
Konstantin Ryabitsev -
Micha vor dem Berge