[fedora-list] How to add a new section in logwatch report
Donald Russell
russell.don at gmail.com
Tue Dec 7 17:46:10 UTC 2010
---
Hey! Hey! You! You! Get off of my cloud!
http://news.cnet.com/8301-13578_3-20002423-38.html
On Fri, Dec 3, 2010 at 14:25, Rich Mahn <rich at lat.com> wrote:
> Donald Russell <russell.don at gmail.com> wrote:
>
> > I have an application that uses the logger -t <tag> command to add
> > specific messages in /var/log/messages. I'd like to add those in a
> > section of it's own in the logwatch report but am having trouble
> > following the information in /usr/share/doc/logwatch-7.3 in the HOWTO
> > doc.
> > I added my new script/filter
> > /etc/logwatch/scripts/services/myfilter
> > myfilter is one simple awk comand:
> > awk '{ if ("mytag:" == $5) { print; }}'
> > I added the config file for it...A /etc/logwatch/conf/myfilter.conf
> > Title = "My App Messages"
> > LogFile = messages
> > I also tried a more explicit, LogFile = /var/log/messages
> > What else do I need to do? when I add a test message to the log with
> > logger -t mytag this is a test
> > then run logwatch, I'm not seeing the test message in the report
> > What did I miss?
> > Thank you.
> >
>
> It's complicated--there are many many options and, since it's perl scripts,
> there's many ways to do it.
>
> The myfilter.conf file gives options for pre-processing your log file.
> Look at /usr/share/logwatch/default.conf/services/*.conf for examples.
> Look at arpwatch.conf for a simple example. Note the "OnlyService" and
> the "RemoveHeaders" lines. They are probably similar to what you want
> if you are pulling lines from /var/log/messsages.
>
> Then look at some files in /usr/share/log/watch/scripts/service.
> I like the 'afpd' as an example of how to grab data from the lines
> you are looking at.
>
> In your /etc/logwatch/scripts/services directory, make sure the
> permissions are 644 -- they are not executable.
>
> This should be enough to get you started. Report back with more specific
> problems for more specific help.
>
> Good luck
>
>
> Rich
>
Thanks Rich,
I followed the examples, but when I tried "logwatch --service myfilter" I
was geting an error:
Logwatch does not know how to process service: myfilter
I solved THAT by correcting the name of myfilter in
/etc/logwatch/conf/services from myfilter to myfilter.conf
Now it's working.... now I can concentrate on the actual report. :-)
Cheers!
So, for anybody else looking to add a report section in logwatch
your filter config file goes here: /etc/logwatch/conf/services and must be
named <service>.conf
the actual filter goes here: /etc/logwatch/scripts/services and must be
named <service>
Where <service> is whatever you want to call it... it just has to be the
same in both places... makes sense.
Then logwatch --service <service> will produce your report.
The filter itself is assumed to be written in Perl, so use Perl syntax in
your filter script. Apparently you can configure a different languagein the
.conf file, but I didn't bother figuring that out... it was simpler to do
what I need in Perl than to figure out the nuances of Logwatch
configuration. ;-)
Now that I've actually done it once, it seems pretty simple... so why did it
appear so complicated in the doc? hmmm.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20101207/a2430d9b/attachment.html
More information about the users
mailing list