Recipe 9.37 Defining a logwatch Filter

9.37.1 Problem

You want logwatch to print reports for a service it does not support.

9.37.2 Solution

Create your own logwatch filter for that service or log file. Suppose you have a service called foobar that writes to the log file /var/log/foobar.log.

  1. Create /etc/log.d/conf/logfiles/foobar.conf containing:

    LogFile = /var/log/foobar.log Archive = foobar.log.* ...
  2. Create /etc/log.d/conf/services/foobar.conf containing:

    LogFile = foobar
  3. Create /etc/log.d/scripts/services/foobar.

    This is a script (Perl, shell, etc.) that matches the desired lines in foobar.log and produces your desired output. logwatch automatically strips the datestamps from syslog-format output, so your script needn't do this.

9.37.3 Discussion

logwatch is more a framework than a log parser. In fact, all parsing is done by auxiliary scripts in /etc/log.d/scripts/services, so for unsupported services, you must write your own scripts. You might think, "Hey, if I have to write these scripts myself, what's the value of logwatch?" The answer is convenience, as well as consistency of organization. It's helpful to have all your log groveling scripts together under one roof. Plus logwatch supplies tons of scripts; use them as examples for writing your own.

To integrate a given service into logwatch, you must define three files:

A logfile group configuration file

Found in /etc/log.d/conf/logfiles, it defines where the service's logs are stored.

A service filter executable

Found in /etc/log.d/scripts/services, it must read log entries from standard input and write whatever you like on standard output.

A service filter configuration file

Found in /etc/log.d/conf/services, it defines the association between the above two files. It specifies that the above-mentioned logs will be fed to the above-mentioned filter.

Our recipe uses minimal configuration files. Plenty of other options are possible.

9.37.4 See Also

/usr/share/doc/logwatch*/HOWTO-Make-Filter documents the full syntax of logwatch filters.



Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net