Man Linux: Main Page and Category List


       lwatch.conf   —  configuration  file for lwatch(1), syntax highlighting
       for syslog/syslog-ng file


       Default  configuration  file  for  lwatch  is   /etc/lwatch/lwatch.conf
       (built-in value), but you can specify another file with -C command line
       option. Read lwatch(1) for details.

       Everything from # (hash) to end of line is a comment.

   General options
       cfg_ver - this is obligatory variable and it  must  be  placed  as  the
       first  option  in  config  file.  This  variable  contains  version  of
       configuration file syntax. Current manual describes version 1.

       rule_action - after successful matching rule lwatch tries to match next
       one. You can choose to exit after executing matching rule changing this
       parameter from continue (that’s the default) to exit. You can  override
       this   global   parameter  for  each  rule.  See  section  Actions  and

       use_syslog - if set to yes some messages will be logged through syslog,
       default is yes

       log_level - how verbose log messages should produce lwatch

       date_color - default color of date part

       host_color - default color of hostname part

       serv_color - default color of service part

       mesg_color - default color of message part

       input_file  -  where  lwatch  is reading data from, built-in default is
       /var/lib/lwatch/syslog.fifo, could be  overwritten  with  command  line
       option -i

       output_file  -  where  lwatch  output colored data; built-in default is
       stdout (-), could be overwritten with command line option -o

       show_unparsed -  by  default  lwatch  ignores  lines  which  cannot  be
       splitted into date, host, service and message, set this variable to yes
       if you would like to see those lines; it is the same  as  command  line
       option -s

   Available colors
       To  specify  color  you  can  use following strings: black, red, green,
       brown,   blue,   magenta,   cyan,   lightgray,   darkgray,   brightred,
       brightgreen, yellow, brightblue, purple, brightcyan, white.

   Matching patterns
       There  The  True  Power  of Lwatch is hidden. You can match input lines
       against PCRE (Perl Compatible Regular  Expression)  and  change  output
       depends  on  matching.  You  can read more about PCRE in pcrepattern(3)
       (from libpcre) or in perlre(1) (from perl).

       There are two ways to define matching pattern/action. First one is  the
       simple one. Just pattern and one action:

       /regexp/      action

       The  second one is more complex, but it allows to specify more than one
       action or modificator with one pattern:

       /regexp/      {

       There is one important thing you should remember. There is no  need  to
       quote / (slash) if you use it inside regexp pattern. For example:

       //USR/SBIN/CRON/        {       # cron’s messages are not important
               color=blue              # display it in blue

   Actions and modificators
       date_color - set date color

       mesg_color, color - set message color

       serv_color - set service name color

       host_color - set hostname color

       ignore - ignore this pattern, do not match next patterns

       exit  - do not match next patterns when rule_action is set to continue,
       in other case it is superfluous

       continue - continue with next pattern when rule_action is set to  exit,
       in  other  case it is superfluous; please note, that if ignore> is used
       in the same action it takes a priority - it makes  no  sense  to  match
       other rules for string that has been ignored

       highlight - highlight matched string with given color (see NOTES)

       match_host - match hostname insted message

       match_service - match service name instead message


       highlight  action  changes  the matched text.  That’s why the following
       part of configuration wont work:

       /root/                         highlight=brown
       /session closed for user root/ ignore


       (pam_unix) session closed for user root

       would appear as an input line.

       First rule changes the text to:

       (pam_unix) session closed for user [BROWN]root[NORMAL]

       where [BROWN] and [NORMAL] are control sequences  to  change  color  to
       brown,  then  change  it  back to default color of this part. Of course
       this line does not match the second rule and you  can  see  it  on  the

       There are two possible workarounds:

          ·  put the ignore pattern before the highlight one

          ·  enhance your second rules like:

       /session closed for user .*root.*/ ignore


       Just look into provided lwatch.conf.


       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published  by  the
       Free  Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       Regular expression support is provided by  the  PCRE  library  package,
       which  is  open source software, written by Philip Hazel, and copyright
       by the University of Cambridge, England. This library is available  at:


       lwatch(1), pcrepattern(3), perlre(1)