NAME
lwatch — syntax highlighting for syslog/syslog-ng file
SYNOPSIS
lwatch [-C filename] [--config filename] [-i filename] [--input
filename] [-o filename] [--output filename] [-sOhv] [--show-
unparsed] [--omit-rc] [--help]
DESCRIPTION
Lwatch is a log colorizer. It reads syslog/syslog-ng data from named
fifo or from stdin and displays colored logs into stdout.
Lwatch is highly user-customizable. It reads configuration data from
the file /etc/lwatch/lwatch.conf or (if given) from the file provided
with option -C
The way it works is simple. It reads a line from input (build-in
default is /var/lib/lwatch/syslog.fifo), splits it into four parts:
date, hostname, service name (with PID, if available) and real message.
Each part has its own default color. You can redefine them in
configuration file. Default colors as the same as in loco(1) [see:
http://www.zjuul.net/~jules/loco/]. But lwatch is not only a static log
colorizer. It is something more. It can colorize your logs any way you
wish. You are able to set a new color for any part (date, host,
service, message) using regexp based patterns.
COMMAND LINE OPTIONS
Lwatch accepts some command line options. Command line options have
precedence over values from configuration file.
-C filename
--config filename
read config from filename instead of /etc/lwatch/lwatch.conf
-i filename
--input filename
read data from named fifo filename instead of
/var/lib/lwatch/syslog.fifo
-o filename
--output filename
write colored logs to filename instead stdout
-s
--show-unparsed
show unparsed lines like ‘last message repeated 5 times’ or
‘--- MARK ---’
-O
--omit-rc do not read values from config file
-h
--help show help about runtime option
-v
--version show version and copyright notices
RUNNING
Preferred way to run lwatch is to read syslog messages from named fifo
or from standard input.
If you use syslog you really want to read messages from named fifo. To
do it, put a line:
*.* |/var/lib/lwatch/syslog.fifo
in your syslog.conf. Create appropriate fifo and restart syslog, then
run lwatch. You can also run lwatch before starting syslog. If you
don’t know how to create named fifo see mknod(1) for details.
Remember:
· fifo must exist
· proper name must be put in /etc/lwatch/lwatch.conf or given with
-i comand line option
In syslog-ng you can run lwatch directly from syslog, i.e.:
log { source(src); destination(console_all);};
destination console_all {program("/usr/bin/lwatch -i- -o/dev/tty11"); };
Lwatch does not support reading from regular files. If you really need
this functionality use following command:
tail -f /path/to/filename | /usr/bin/lwatch -i-
It could be subject to change in the future.
RESOURCES
· http://sf.net/projects/lwatch
· http://freshmeat.net/projects/lwatch/
COPYRIGHT
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
Regular expression support is provided by the PCRE library package,
which is open source software, written by Philip Hazel, and copyright
by the University of Cambridge, England. This library is available at:
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
NOTE FROM AUTHOR
I have written this tool for my own needs because perl tools, however
flexible, eated a lot of memory and CPU. I have found it useful and I
share it with the Open Source Community. But still, developing of this
software is driven by my own needs. So, you could expect next release
in a year or two ;)
It would be really nice if you could find some time and spare it for
rating this project on FreshMeat (see RESOURCES). Comments are welcome
too. I cannot promise that I will add new features to lwatch
immediately but any positive feedback will raise my motivation level
up.
Thank you in advance for your time.
SEE ALSO
lwatch.conf(5)
lwatch(1)