Man Linux: Main Page and Category List

NAME

       epylog - Syslog new log notifier and parser.

SYNOPSIS

       epylog [-c epylog.conf] [-d LOGLEVEL] [--last PERIOD]
              [--store-offsets] [--quiet] [--cron]

DESCRIPTION

       Epylog  is a new log notifier and parser which runs periodically out of
       cron, looks at your logs, processes the entries  in  order  to  present
       them  in  a  more  comprehensive format, and then provides you with the
       output. It is written specifically with large network clusters in  mind
       where a lot of machines (around 50 and upwards) log to the same loghost
       using syslog or syslog-ng.

       Alternatively, Epylog can be invoked from the command line and  provide
       a  log  report based on a certain provided time period. In this case it
       relies on syslog timestamps to find the offsets, as opposed to the end-
       of-log  offsets stored during the last run, though this behavior is not
       as reliable and is easily thwarted by skewed clocks.

OPTIONS

       -c config.file
              Provide an alternative config file to  Epylog.  By  default,  it
              will look in /etc/epylog/epylog.conf.

       -d LOGLEVEL
              Logging level. The default is 1. 0 will produce no output except
              for critical errors (useful for cron  runs).  2  and  above  are
              debugging levels. 5 is the most verbose.

       --last PERIOD
              Will  make  a report on events that occurred in the last PERIOD.
              PERIOD can be either "hour", "day",  "week",  "month",  or  more
              granular: "1h", "2h", "3d", "2w", etc. When --last is specified,
              epylog will ignore the saved offsets and locate the  entries  by
              timestamps.  CAUTION:  this  process is not to be trusted, since
              the timestamps are not checked for any validity when arriving to
              the  loghost.  One  reporting  machine  with  a skewed clock may
              confuse Epylog enough to miss a lot of valid entries.

       --store-offsets
              When specified, will store the offset  of  the  last  log  entry
              processed  in offsets.xml. During the cron runs epylog relies on
              the offset information to find out what new entries to  process.
              This is more trustworthy than relying on timestamps. The default
              behavior is not to store the offsets,  as  this  allows  to  run
              epylog  both  from cron and manually without the two interfering
              with each-other. The location  of  offset.xml  is  specified  in
              epylog.conf. See epylog.conf(5) for more details.

       --quiet
              In every way identical to -d 0.

       --cron This  is  essentially  --quiet  --store-offsets, plus a lockfile
              will be created and consulted, preventing more than one instance
              of epylog from running. You can still run epylog manually -- the
              lockfile is only checked when running in --cron mode.

FEATURES

              The core of epylog is written in python. It handles things  like
              timestamp  lookups, unwrapping of "last message repeated" lines,
              handling of rotated files, preparing and publishing the reports,
              etc.

              The  modules are pluggable and can be either "internal", written
              in python, or external. External modules can be written  in  any
              language,  but at a price of some convenience. For more info see
              epylog-modules(5).

INITIAL RUN

              Depending on the size of your logs, you might want to initialize
              your  offsets  before  letting  epylog  run  from cron. When the
              offsets.xml file is missing, epylog will by default process  the
              entire  log,  and depending on your configuration, that can be a
              lot of entries. A good way to init epylog is to run:

              epylog --last day --store-offsets

FILES

       /etc/epylog/epylog.conf
       /usr/sbin/epylog
       /etc/cron.daily/epylog.cron
       /etc/epylog/*
       /var/lib/epylog/*
       /usr/share/epylog/modules/*

EXAMPLES

       The useful way to run from a command line is with --last. E.g.:

       epylog --last day
       epylog --last 2w

       When running from cron, you want to store the offsets and not  rely  on
       timestamps. There is a mode that allows you to do this:

       epylog --cron

AUTHORS

       Konstantin Ryabitsev <icon@linux.duke.edu>

SEE ALSO

       epylog.conf(5) epylog-modules(5)