[fedora-list] How to add a new section in logwatch report

Donald Russell russell.don at gmail.com
Tue Dec 7 17:46:10 UTC 2010 

---
Hey! Hey! You! You! Get off of my cloud!
http://news.cnet.com/8301-13578_3-20002423-38.html


On Fri, Dec 3, 2010 at 14:25, Rich Mahn <rich at lat.com> wrote:

> Donald Russell <russell.don at gmail.com> wrote:
>
> >    I have an application that uses the logger -t <tag> command to add
> >    specific messages in /var/log/messages. I'd like to add those in a
> >    section of it's own in the logwatch report but am having trouble
> >    following the information in /usr/share/doc/logwatch-7.3 in the HOWTO
> >    doc.
> >    I added my new script/filter
> >    /etc/logwatch/scripts/services/myfilter
> >    myfilter is one simple awk comand:
> >    awk '{ if ("mytag:" == $5) { print; }}'
> >    I added the config file for it...A  /etc/logwatch/conf/myfilter.conf
> >    Title = "My App Messages"
> >    LogFile = messages
> >    I also tried a more explicit, LogFile = /var/log/messages
> >    What else do I need to do? when I add a test message to the log with
> >    logger -t mytag this is a test
> >    then run logwatch, I'm not seeing the test message in the report
> >    What did I miss?
> >    Thank you.
> >
>
> It's complicated--there are many many options and, since it's perl scripts,
> there's many ways to do it.
>
> The myfilter.conf file gives options for pre-processing your log file.
> Look at /usr/share/logwatch/default.conf/services/*.conf for examples.
> Look at arpwatch.conf for a simple example.  Note the "OnlyService" and
> the "RemoveHeaders" lines.  They are probably similar to what you want
> if you are pulling lines from /var/log/messsages.
>
> Then look at some files in /usr/share/log/watch/scripts/service.
> I like the 'afpd' as an example of how to grab data from the lines
> you are looking at.
>
> In your /etc/logwatch/scripts/services directory, make sure the
> permissions are 644 -- they are not executable.
>
> This should be enough to get you started.  Report back with more specific
> problems for more specific help.
>
> Good luck
>
>
> Rich
>


Thanks Rich,

I followed the examples, but when I tried "logwatch --service myfilter" I
was geting an error:
    Logwatch does not know how to process service: myfilter

I solved THAT by correcting the name of myfilter in
/etc/logwatch/conf/services from myfilter to myfilter.conf

Now it's working.... now I can concentrate on the actual report. :-)

Cheers!

So, for anybody else looking to add a report section in logwatch

your filter config file goes here: /etc/logwatch/conf/services and must be
named <service>.conf
the actual filter goes here: /etc/logwatch/scripts/services and must be
named <service>

Where <service> is whatever you want to call it... it just has to be the
same in both places... makes sense.

Then logwatch --service <service> will produce your report.

The filter itself is assumed to be written in Perl, so use Perl syntax in
your filter script. Apparently you can configure a different languagein the
.conf file, but I didn't bother figuring that out... it was simpler to do
what I need in Perl than to figure out the nuances of Logwatch
configuration. ;-)

Now that I've actually done it once, it seems pretty simple... so why did it
appear so complicated in the doc? hmmm.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20101207/a2430d9b/attachment.html

More information about the users mailing list