Logparser - Client application for Peep: The Network Auralizer.
Logparser is a client for Peep which monitors log files such as /var/log/messages, /var/log/maillog, /var/log/httpd/access_log, etc. and initiates Peep events based on matching regular expressions.
Events are broadcast to the Peep server, peepd, which then translates the event into an aural signal such as a chirping bird or laughing monkey.
This application is a part of Peep and requires that the Peep Perl modules have been installed.
logparser supports the following command-line options:
    --events=[STRING]      The string of events to scan for. For more information,
                           consult the Peep configuration file documentation.
    --logfile=[PATH]       The path of the logfiles to scan, delimited by ','
In addition, the following options are common to all Peep clients:
    --theme=[THEME]        Use the theme THEME. A class must also be specified.
    --class=[CLASS]        Use the class CLASS
    --config=[PATH]        Path to the configuration file to use
    --debug=[NUMBER]       Enable debugging. (Def: 0)
    --nodaemon             Do not run in daemon mode
    --pidfile=[PATH]       The file to write the pid out to (Def: /var/run/logparser.pid)
    --output=[PATH]        The file to log logparser output to (Def: stderr)
    --noautodiscovery      Disables autodiscovery and enables the server and port options
    --server=[HOST]        The host (or IP address) to connect to
    --port=[PORT NO]       The port to use
    --protocol=[tcp|udp]   The protocol that will be used for client-server communication.
                           (Def: tcp)
    --silent               Does not produce output. To eliminate all output,
                           either the debug option should be set to 0 or
                           an output file should be specified.
    --help                 Prints a simple help message
logparser
logparser --help
logparser --nodaemon --noautodiscovery --server=localhost --port=2000
logparser --config=/usr/local/etc/peep.conf --debug=9
logparser --theme=appserver.xml --class=home
logparser --logfile=/var/log/messages --debug=9
logparser --output=/var/log/peepd/logparser.log --debug=7
Perhaps the best way to describe the configuration is by example:
# All patterns matched are done using Perl/awk matching syntax
# Commented lines are ones that BEGIN with a '#'
#
# Name Group Location Priority Notification Pattern Hosts
#
green-river default 128 255 warn "greenriver" www
code-red default 128 255 warn "default\.ida" localhost
http www 255 0 info "(GET|POST).*HTTP" www
su-login default 128 255 warn "PAM_unix\[\d+\]: \(system-auth\) .* opened .* root" localhost
su-logout default 128 255 warn "PAM_unix\[\d+\]: \(system-auth\) .* closed .* root" localhost
# note that if one of the previous 2 regexes match, the following 2 will be ignored
login default 128 255 info "PAM_unix\[\d+\]: \(system-auth\) .* opened" localhost
logout default 128 0 info "PAM_unix\[\d+\]: \(system-auth\) .* closed" localhost
ssh-logins default 128 2 info "sshd.*Accepted password" localhost
#bad-query www 128 3 warn "ORA-\d{5}" localhost
bad-login default 128 255 warn "pam_unix.*\[\d+\]: authentication failure" localhost
ip-deny firewall 128 255 warn "DENY" www
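The ordering note in the configuration above matters when tuning rules: a specific pattern must sit above the general one it overlaps, or it never fires. The following is an added example, not part of Peep or of the original page. It parses rows in the format shown and reports, for constructed sample log lines, which event fires and which later rows are shadowed. It assumes patterns are applied as unanchored, case-sensitive searches with the first matching row winning; Python's `re` stands in for Perl's regex engine, and the Hosts column is parsed but not interpreted.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "name group location priority notification pattern hosts")
ROW = re.compile(r'^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+"(.*)"\s+(\S+)\s*$')

# Rows copied from the example configuration on this page, in the same order.
CONFIG = r'''
# Name Group Location Priority Notification Pattern Hosts
su-login default 128 255 warn "PAM_unix\[\d+\]: \(system-auth\) .* opened .* root" localhost
su-logout default 128 255 warn "PAM_unix\[\d+\]: \(system-auth\) .* closed .* root" localhost
login default 128 255 info "PAM_unix\[\d+\]: \(system-auth\) .* opened" localhost
logout default 128 0 info "PAM_unix\[\d+\]: \(system-auth\) .* closed" localhost
ssh-logins default 128 2 info "sshd.*Accepted password" localhost
#bad-query www 128 3 warn "ORA-\d{5}" localhost
bad-login default 128 255 warn "pam_unix.*\[\d+\]: authentication failure" localhost
'''

def parse_events(text):
    """Parse event rows in file order; lines beginning with '#' are comments."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError("malformed event row: %r" % line)
        name, group, loc, prio, notif, pat, hosts = m.groups()
        events.append(Event(name, group, int(loc), int(prio), notif, re.compile(pat), hosts))
    return events

def matches(events, line):
    """Names of every event whose pattern matches, in file order.
    Assumed first-match-wins: index 0 fires, the rest are shadowed."""
    return [e.name for e in events if e.pattern.search(line)]

# Constructed sample log lines (not taken from a real host).
SAMPLES = [
    "Jan 12 10:01:02 host PAM_unix[1234]: (system-auth) session opened for user root by alice(uid=500)",
    "Jan 12 10:05:00 host PAM_unix[1300]: (system-auth) session opened for user bob by (uid=0)",
    "Jan 12 10:06:10 host sshd[2001]: Accepted password for bob from 192.0.2.10 port 50022 ssh2",
    "Jan 12 10:07:00 host sshd(pam_unix)[2002]: authentication failure; logname= uid=0 rhost=192.0.2.10",
    "Jan 12 10:08:00 host crond[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    events = parse_events(CONFIG)
    for line in SAMPLES:
        hit = matches(events, line)
        print((hit[0] if hit else "-"), "shadowed:", hit[1:], "|", line)
```

Running the same check with the `login` row moved above `su-login` shows the root-session warning being shadowed by the informational rule.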
Please note that the logparser configuration format changed between
version 0.4.2 and 0.4.3. The current version of logparser no
longer supports configuration formats prior to 0.4.3.
Michael Gilfix <mgilfix@eecs.tufts.edu> Copyright (C) 2000
Collin Starkweather <collin.starkweather@colorado.edu>
perl(1), peepd(1), Net::Peep::Client, peepd.