Easily monitor and archive your system log reports.

2015-06-29 3 min read Fedora Linux

If you want to monitor your server logs and also have the reports emailed to you, Logwatch alone may not be sufficient. It sends you a mail but does not archive the reports, so head over to epylog.

Name        : epylog
Arch        : noarch
Epoch       : 0
Version     : 1.0.7
Release     : 9.fc22
Size        : 151 k
Repo        : fedora
Summary     : New logs analyzer and parser
URL         : https://fedorahosted.org/epylog/
License     : GPLv2+
Description : Epylog is a new log notifier and parser which runs periodically out of
cron, looks at your logs, processes the entries in order to present
them in a more comprehensive format, and then provides you with the
output. It is written specifically with large network clusters in mind
where a lot of machines (around 50 and upwards) log to the same
loghost using syslog or syslog-ng.

To install:

dnf install epylog

After this, you need to configure the directory for archiving and the means of transport, which can be just File or File with email. In the second case, the reports are archived and an email is sent with a link to the report.

Here is the sample configuration that I am using:

[main]
cfgdir = /etc/epylog
tmpdir = /var/tmp
vardir = /var/lib/epylog

[report]
title = [Cron] ubu  @@HOSTNAME@@ system events: @@LOCALTIME@@
template = /etc/epylog/report_template.html
include_unparsed = yes
publishers = file

[mail]
method = mail
smtpserv = /usr/sbin/sendmail -t
mailto = root
format = html
lynx = /usr/bin/lynx
include_rawlogs = no
rawlogs_limit = 200

# GPG encryption requires pygpgme installed

gpg_encrypt = no
# If gpg_keyringdir is omitted, we’ll use the default ~/.gnupg for the
# user running epylog (/root/.gnupg, usually).
#gpg_keyringdir = /etc/epylog/gpg/
# List key ids, can be emails or fingerprints. If omitted, we’ll
# encrypt to all keys found in the pubring.
#gpg_recipients = admin1@example.com, admin2@example.com
# List key ids that we should use to sign the report.
# If omitted, the report will not be signed, only encrypted.
#gpg_signers = epylog@logserv.example.com

[file]
method = file
path = /var/www/epylog
dirmask = %Y-%b-%d_%a
filemask = %H%M
save_rawlogs = no
expire_in = 700
notify = root@localhost
smtpserv = /usr/sbin/sendmail -t
pubroot = http://example.com/cgi-bin/pager.py?

After you are done, you might want to head over to the Fedora Wiki page for Epylog and download the weed_local file and the parser.py file. The weed_local file contains the regexes for common errors that you do not want to see in reports, so feel free to add yours. The parser.py file sets up a pager: download it, put it in the cgi-bin directory, configure the epylog data directory, and you are done.
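
Before adding your own patterns to the weed file, it helps to check what they would hide. The following is an added example, not part of epylog or of the original post: it tests candidate weed regexes against sample log lines and flags any pattern that would also suppress SSH authentication events. The one-regex-per-line layout, the skipped [SECTION] headers, search-style matching and all sample data are assumptions.

```python
import re

# Constructed sample input: candidate weed patterns, one regex per line.
# Assumption: blank lines, '#' comments and [SECTION] headers are skipped.
WEED_PATTERNS = r"""
[ADD]
CROND\[\d+\]: \(root\) CMD
systemd\[\d+\]: Started Session \d+ of user
sshd\[\d+\]: .* from
dhclient: DHCPACK(
"""

# Constructed syslog lines; the two sshd lines must never be weeded out.
SAMPLE_LOG = [
    "Jun 29 03:10:01 web1 CROND[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 29 03:11:42 web1 systemd[1]: Started Session 14 of user deploy.",
    "Jun 29 03:12:07 web1 sshd[2302]: Failed password for root from 192.0.2.10 port 52144 ssh2",
    "Jun 29 03:12:09 web1 sshd[2302]: Accepted password for deploy from 192.0.2.10 port 52150 ssh2",
    "Jun 29 03:13:30 web1 smartd[801]: Device: /dev/sda, 1 Currently unreadable (pending) sectors",
]
MUST_KEEP = re.compile(r"Failed password|Accepted password")

def load_patterns(text):
    """Return (compiled, rejected): usable regexes and lines that do not compile."""
    compiled, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.fullmatch(r"\[\w+\]", line):
            continue
        try:
            compiled.append(re.compile(line))
        except re.error as exc:
            rejected.append((line, str(exc)))
    return compiled, rejected

def audit(patterns, lines, must_keep=MUST_KEEP):
    """Split lines into weeded/kept and list patterns that hide must-keep lines."""
    weeded, kept, too_broad = [], [], set()
    for line in lines:
        hits = [p.pattern for p in patterns if p.search(line)]
        (weeded if hits else kept).append(line)
        if hits and must_keep.search(line):
            too_broad.update(hits)
    return weeded, kept, sorted(too_broad)

if __name__ == "__main__":
    pats, bad = load_patterns(WEED_PATTERNS)
    print("rejected:", bad)
    print(audit(pats, SAMPLE_LOG))
```

Any pattern reported as too broad should be narrowed before it goes into the weed file, since it would drop login successes and failures from the archived reports.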
