Skip to content

Latest commit

 

History

History

logalert-x

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
contrib
contrib
 
 
debian
debian
 
 
doc
doc
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
INSTALL
INSTALL
 
 
LICENSE
LICENSE
 
 
Makefile.am
Makefile.am
 
 
NEWS
NEWS
 
 
PKGBUILD.in
PKGBUILD.in
 
 
README.md
README.md
 
 
THANKS
THANKS
 
 
action.c
action.c
 
 
action.h
action.h
 
 
catChangeLog
catChangeLog
 
 
common.h
common.h
 
 
conf-email
conf-email
 
 
conf-version
conf-version
 
 
configure.ac
configure.ac
 
 
create_archpkg
create_archpkg
 
 
create_debian
create_debian
 
 
create_rpm
create_rpm
 
 
default.configure
default.configure
 
 
defs.h
defs.h
 
 
incrmesg.1
incrmesg.1
 
 
incrmesg.c
incrmesg.c
 
 
lex.l
lex.l
 
 
log.c
log.c
 
 
log.h
log.h
 
 
logalert-release.in
logalert-release.in
 
 
logalert-rpmlintrc.in
logalert-rpmlintrc.in
 
 
logalert.8
logalert.8
 
 
logalert.html
logalert.html
 
 
logalert.man
logalert.man
 
 
logalert.pt.t2t
logalert.pt.t2t
 
 
logalert.spec.in
logalert.spec.in
 
 
logalert.t2t
logalert.t2t
 
 
logclient.c
logclient.c
 
 
logclient.man
logclient.man
 
 
logsrv.8
logsrv.8
 
 
logsrv.c
logsrv.c
 
 
logsrv.man
logsrv.man
 
 
main.c
main.c
 
 
monitor.c
monitor.c
 
 
monitor.h
monitor.h
 
 
parser.y
parser.y
 
 
parsers.c
parsers.c
 
 
parsers.h
parsers.h
 
 
perm_list.in
perm_list.in
 
 
prepare_obs
prepare_obs
 
 
process.c
process.c
 
 
process.h
process.h
 
 
rpclog.8
rpclog.8
 
 
rpclog.c
rpclog.c
 
 
showbytes.1
showbytes.1
 
 
showbytes.c
showbytes.c
 
 
sig.c
sig.c
 
 
sig.h
sig.h
 
 
tls.c
tls.c
 
 
tls.h
tls.h
 
 
user.c
user.c
 
 
user.h
user.h
 
 
utils.c
utils.c
 
 
utils.h
utils.h
 
 

README.md

LOGALERT

Lastchange: 2005 08 30

THANKS for downloading and (so far :-) reading this! I hope you enjoy and would like to receive your feedback.

DESCRIPTION

logalert is a logfile monitoring tool which executes a specific action whenever it matches a string (pattern) occurrence.

It reads an entire file [or starts at the end, just like 'tail -f'], keeps track of any changes, waiting for a specific string [a syslog process error, a user login, ...] and fires an action you define when that happens.

Log rotation or temporary removal ? No problem, we can deal with that ! System administrators normaly configure a logrotation process to rotate file as they grown or based on certain time periods [daily, weekly, ...] truncating or temporily removing them - logalert keeps track of them even so.

LICENSE

Please refer to LICENSE for license details.

INSTALATION

Please refer to INSTALL for instalation details.

DOCUMENTATION

You can always find the latest documentation at:

http:https://logalert.sourceforge.net

Or you can look at doc/ directory where you'll find this releases documents.

EXTRAS

Look at contrib/ directory, you'll find some extra-goodies. For example, there you'll find a perl script 'sendmail' if you plan to configure some auto-mailing actions.

EXAMPLES

1.Imagine you have a VPN in your firewall server and would like to restart it everytime it goes down. The process related to the VPN reports it's information via syslog to

/var/log/vpn

... and everytime a problem occurs, it dumps the message:

    'Error: problem found, quiting...'

You already have a script in /etc/init.d/startprocess that [re]starts that guy, so you could:

./logalert --match='[Ee]rror: problem found, quiting...' --exec='/etc/init.d/startprocess \
   restart' /var/log/process.log
  1. Ok, you have dozens of files you whish to monitor ? Just create a configuration file like this:
logalert.conf
---------------
filename /var/log/messages
{
        match           = /[Ee][Rr]{2}or: VPN has lost/
        exec            = /etc/init.d/vpn restart
        match_sleep     = 5
        retry           = 3
        user            = vpnuser
}

filename /var/log/mail
{
        match           = /Bounce from:/
        exec            = /home/willy/alertme.sh
        match_sleep     = 5
        retry           = 3
        user            = willy
}

[...]

And start logalert in parent mode:

./logalert -c /etc/logalert.conf