phillip | 16 Aug 2005 00:03

notices_local


Hello,

I'm new to Epylog. So far with basic configuration it has helped us. I think it has a lot of potential. And I'm probably going to have lots of questions to post on this list :)

My first question is with the notice_local.xml file. What log files does epylog parse to match patterns in notice_local.xml? And can I configure it to match patterns in a custom log file?

So instead of using notice_local.xml to match patterns in /var/log/messages, I'd want it to look at /var/log/my_file.log

I've reviewed the available documentation many times to look for the answer, so I hope I didn't overlook it.

Thanks!

Your friendly neighborhood SA,
phiLLip
_______________________________________________
Epylog mailing list
Epylog <at> linux.duke.edu
https://lists.dulug.duke.edu/mailman/listinfo/epylog
Sean O'Connell | 16 Aug 2005 00:14

Re: notices_local

The entries that you add to notices_local.xml are parsed by the notices
module, so you need to change the files definition
in /etc/epylog/modules.d/notices.conf (assuming a standard rpm install).

Sean

On Mon, 2005-08-15 at 18:03 -0400, phillip <at> fiu.edu wrote:
> 
> Hello, 
> 
> I'm new to Epylog. So far with basic configuration it has helped us. I
> think it has  a lot of potential. And I'm probably going to have lots
> of questions to post on this list :) 
> 
> My first question is with the notice_local.xml file. What log files
> does epylog parse to match patterns in notice_local.xml? And can I
> configure it to match patterns in a custom log file. 
> 
> So instead of using notice_local.xml to match patterns
> in /var/log/messages, I'd want it to look at /var/log/my_file.log 
> 
> I've reviewed the available documentation many times to look for the
> answer, so I hope I didn't overlook it. 
> 
> Thanks! 
> 
> Your friendly neighborhood SA,
> phiLLip
phillip | 16 Aug 2005 00:53

Re: notices_local


Okay so then I thought I might be missing something. For some reason I don't have a notices.conf. I installed from epylog-1.0.3-1.noarch.rpm. Would it be safe to assume that if I create a notices.conf epylog will detect it? Could you post your notices.conf so I can be sure I have the correct syntax and values for that file?

Thanks!

Your friendly neighborhood SA,
phiLLip


Sean O'Connell | 16 Aug 2005 01:07

Re: notices_local

Phil-

That file is (should be) part of the rpm.

rpm -qf /etc/epylog/modules.d/notices.conf
epylog-0:1.0.3-1.noarch

I would highly recommend reinstalling the rpm.

Sean

On Mon, 2005-08-15 at 18:53 -0400, phillip <at> fiu.edu wrote:
> 
> Okay so then I thought I might be missing something. For some reason I
> don't have a notices.conf. I installed from epylog-1.0.3-1.noarch.rpm.
> Would it be safe to assume that if I create a notices.conf epylog will
> detect it? Could you post your notices.conf so I can be sure I have
> the correct syntax and values for that file? 
> 
> Thanks! 
> 
> Your friendly neighborhood SA,
> phiLLip 
phillip | 16 Aug 2005 01:49

Re: notices_local

Sure enough...
# rpm -qf /etc/epylog/modules.d/notices.conf
epylog-1.0.3-1
However the file isn't there. I had installed epylog on another system, and the file is there. So I guess I'll just copy it over and I'll be set. But that is strange!
Your friendly neighborhood SA,
phiLLip

Lisa Young | 12 Aug 2005 17:15

logfile path

I have got a little further since last time.

In my module configs, when I have the path files =
/var/log/logfiles/*/*/*/*[.#] and with all of the modules enabled I get the
following when running Epylog:

Invoking: "Initializing epylog"...
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Spamassassin" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Packet Filter" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Mail Report" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Notices" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Logins" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Weedeater" disabled
  Error returned: No modules are enabled. Exiting.

When I then specified an actual file in module ‘logins.conf’ it then parsed
the log correctly:

Invoking: "Initializing epylog"...
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Spamassassin" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Packet Filter" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Mail Report" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Notices" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Weedeater" disabled
(Hanging from "Initializing epylog")....done
Invoking: "Restoring log offsets"...
Restoring log offsets...done
Invoking the module execution routines:
Invoking: "Processing internal modules"...
  /var/log/logfiles/stargate/2005/08/auth2: [133 of 137 lines parsed]
  Telling all threads to quit
  Waiting for threads to finish: [      all threads done     ]
  Invoking: "Finished all matching, now finalizing"...
    Invoking: "Finalizing "Logins""...
    Finalizing "Logins"...done
  (Hanging from "Finished all matching, now finalizing")....done
(Hanging from "Processing internal modules")....done
Finished processing modules
Invoking: "Making the report"...
Making the report...done
Invoking: "Publishing the report"...
  Report saved in: /var/www/html/epylog/2005-Aug-12_Fri
  Gzipping 1549.log: [       gzipped down to 1146 bytes      ]
  Gzipped logs saved in: /var/www/html/epylog/2005-Aug-12_Fri
(Hanging from "Publishing the report")....done
Invoking: "Cleaning up"...
Cleaning up...done

So, my question is this, are they failing because ‘ * ‘ is not a wildcard?
If so how would I tell it to look in multiple directories and files?

I also tried /[*]/[*]/[*]/[*.#] and /[#]/[#]/[#]/[#.#] but I get the
following:

Invoking: "Initializing epylog"...
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Spamassassin" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Packet Filter" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Mail Report" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Notices" disabled
Traceback (most recent call last):
  File "/usr/sbin/epylog", line 300, in ?
    main(sys.argv)
  File "/usr/sbin/epylog", line 263, in main
    epylog = Epylog(config_file, logger)
  File "/usr/lib/python2.3/site-packages/epylog/__init__.py", line 250, in __init__
    module = Module(cfgfile, logtracker, tmpprefix, logger)
  File "/usr/lib/python2.3/site-packages/epylog/module.py", line 119, in __init__
    log = logtracker.getlog(entry)
  File "/usr/lib/python2.3/site-packages/epylog/log.py", line 134, in getlog
    log = self._init_log_by_entry(entry)
  File "/usr/lib/python2.3/site-packages/epylog/log.py", line 258, in _init_log_by_entry
    log = Log(entry, self.tmpprefix, self.monthmap, self.logger)
  File "/usr/lib/python2.3/site-packages/epylog/log.py", line 439, in __init__
    logfile = LogFile(filename, tmpprefix, monthmap, logger)
  File "/usr/lib/python2.3/site-packages/epylog/log.py", line 905, in __init__
    self._initfile()
  File "/usr/lib/python2.3/site-packages/epylog/log.py", line 945, in _initfile
    self.fh = open(self.filename)
IOError: [Errno 21] Is a directory

Any suggestions would be greatly appreciated, thanks.

Lisa Young
OSS: Production Support
Tel:         +44 (0) 208 6224103
Mob:       +44 (0) 7795 336922
Email:      lisa.young <at> ukbroadband.com

UK Broadband  Limited 
Peter Hall | 17 Aug 2005 14:04

Wildcards in files-definitions?

Hi

We're using a centralized syslog-ng server to log several host
to /data/log/$HOST/$FACILITY

Is there any way to use wildcards in regards to which directories to
check for logs?

Please CC to me since I'm not on the list.

Thanks!

/Peter Hall
Lisa Young | 8 Aug 2005 17:26

epylog modules disabled

I’m still having trouble executing epylog, it tells me my modules are all disabled, however in each module conf file, they are all enabled = yes.

root <at> server1:/etc/epylog/modules.d# /usr/sbin/epylog -c /etc/epylog/epylog.conf
Invoking: "Initializing epylog"...
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Spamassassin" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Packet Filter" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Mail Report" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Notices" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Logins" disabled
  Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"
  Module "Weedeater" disabled
  Error returned: No modules are enabled. Exiting.
root <at> server1:/etc/epylog/modules.d#

however my module configs look like (as an example; logins.conf):

[module]
desc = Logins
exec = /usr/share/epylog/modules/logins_mod.py
files = /var/log/logfiles/*/*/*/*[.#.gz]
enabled = yes
internal = yes
outhtml = yes
priority = 0

[conf]
##
# Only enable things useful for your configuration to speed things
# up. The more stuff you enable, the slower matching will be.
#
enable_pam = 1
enable_xinetd = 1
enable_sshd = 1
enable_uw_imap = 0
enable_dovecot = 0
enable_courier = 0
enable_imp = 0
enable_proftpd = 0

Any ideas?

Regards

Lisa Young

Konstantin Ryabitsev | 17 Aug 2005 15:49

Re: Wildcards in files-definitions?

Peter Hall wrote:
> Hi
> 
> We're using a centralized syslog-ng server to log several host
> to /data/log/$HOST/$FACILITY
> 
> Is there any way to use wildcards in regards to which directories to
> check for logs?

No, there is no such feature at the moment, though it should be 
pretty easy to do shell globbing.

--icon
Konstantin Ryabitsev | 17 Aug 2005 15:55

Re: epylog modules disabled

Lisa Young wrote:
> I’m still having trouble executing epylog, it tells me my modules are all 
> disabled, however in each module conf file, they are all enabled = yes.
...
> Invoking: "Initializing epylog"...
> 
>   Could not init logfile for entry "/var/log/logfiles/*/*/*/*[.#]"

Same here, Epylog doesn't do shell globbing at the moment, since it 
expects all entries to be in one file. I'm not sure if I am going to 
add wildcard matching to Epylog-1.x, since that's a whole lot of new 
code, plus a lot more files to track. You can configure your syslog 
server to additionally log into one big file -- that's what we (or, 
rather, they :)) do in physics: there are per-host entries, plus a 
combination of all reporting hosts in one file per matching facility.

--icon
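
Added example (not part of any message in this thread, and not Epylog's own code): a preflight check that treats each `files =` path literally, as the replies above say Epylog 1.x does, and reports which entries are a regular file, a directory (the `IOError: [Errno 21]` case) or missing, with the shell-glob matches listed only as a hint. It assumes entries are comma-separated and that a trailing `[.#]` / `[.#.gz]` is a rotation marker rather than part of the name; the function names and the sample tree are constructed for illustration.

```python
import glob
import os
import re
import tempfile

# Assumption: a trailing [...] on an entry (e.g. "[.#]", "[.#.gz]") is the
# rotation marker, not part of the file name, so it is stripped first.
# Left in place, glob would read it as a character class and match nothing.
ROTATION_SUFFIX = re.compile(r"\[[^\]/]*\]$")


def check_files_entry(value):
    """Classify each comma-separated path of a module's `files =` value."""
    results = []
    for raw in value.split(","):
        entry = raw.strip()
        path = ROTATION_SUFFIX.sub("", entry)
        if os.path.isfile(path):
            status = "ok"
        elif os.path.isdir(path):
            status = "directory"   # open() on it fails with Errno 21
        else:
            status = "missing"     # path is used literally, no wildcard expansion
        # What a shell would have matched: a hint for choosing a concrete
        # file, since the entry itself is never expanded.
        hints = []
        if status != "ok" and any(c in path for c in "*?["):
            hints = sorted(p for p in glob.glob(path) if os.path.isfile(p))
        results.append({"entry": entry, "path": path,
                        "status": status, "glob_matches": hints})
    return results


def demo():
    """Constructed tree shaped like the thread's logfiles/<host>/<yyyy>/<mm>/<file>."""
    root = tempfile.mkdtemp(prefix="epylog-preflight-")
    month = os.path.join(root, "stargate", "2005", "08")
    os.makedirs(month)
    auth = os.path.join(month, "auth2")
    with open(auth, "w") as fh:
        fh.write("Aug 12 15:49:01 stargate sshd[123]: constructed sample line\n")
    value = ", ".join([root + "/*/*/*/*[.#]", month + "[.#]", auth + "[.#]"])
    return auth, check_files_entry(value)


if __name__ == "__main__":
    for r in demo()[1]:
        print(r["status"], r["entry"], r["glob_matches"])
```
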
