README for logmonitor
By Dave Kelly (dk@lucidstrategies.net)

LICENSE:

You've got to be kidding me. I would appreciate it if credit to me, the original author, was left in there, but I'm not going to send anyone to your house to break your arms if you don't. God knows I've used enough free software in my life that I should give something back anyway. However, if this program breaks your computer or shoots your dog or something like that, I'm telling you right now I'm not liable for it. Someday, maybe I'll officially make this GPL. Until then, do what you want with it.

HISTORY:

This script came about because I needed to grab data out of an ever-changing logfile. The big problem with this is: how do you know where you left off the last time you parsed it? Well, this is meant to make it so you can focus on writing the code to extract your data without having to think about whether or not you're getting the new log entries that have changed since the last time you checked it.

This is an early iteration. One of the purge functions is not yet implemented. It doesn't pull the end of the old file if the logfile rotates in between checks. But I think it should give you accurate data for all other cases.

USAGE:

1) Dumping all logfile lines that have changed since the last check:
   (NOTE: If the logfile has not been checked ever before, it will dump all lines in the logfile)

   logmonitor dump <logfile> [uniqid]

   logfile - Full path to the logfile you are checking.
   uniqid  - This can be used if you need to dump a logfile multiple times. Use a unique identifier for each run against the logfile.

2) Emptying the "marker" database, which stores where you last left off in the logfile:

   logmonitor purgeall

   This effectively deletes the marker database, so make sure this is really what you want to do.

SHUT UP ALREADY, HOW DO I RUN THIS THING?

- Copy the script to wherever you want it to run (I run it via SSH on a remote server, but you can use it however you'd like)
- Edit it and make sure your path to PERL is correct, as well as the path for the gdb file.
- Edit your Defaults and Targets entries (see below)

Here is an example I used to monitor how many viruses are being caught by ClamAV on one of our mailservers. It counts the number of lines in the logfile, as each line represents one virus caught. Instead of piping into wc -l, you could easily pipe it into your own script that parses the logs and spits out data for whatever you're looking for.

SAMPLE DEFAULTS FILE:
---------------------------------------
Target --default--
    directory-desc = "Viruses caught by ClamAV"
    target-type = emails

datasource --default--
    rrd-ds-type = GAUGE
    rrd-heartbeat = 1800
    rrd-min = undef
    rrd-max = undef

datasource inEmails
    ds-source = exec:0:"ssh %user%@%server% \"/usr/local/bin/logmonitor dump %log% | wc -l | sed 's/ *//'\""

targetType emails
    ds = "inEmails"
    view = "Viruses: inEmails"

graph inEmails
    color = dark-green
    draw-as = AREA
    y-axis = "Virus emails"
    legend = "Virus emails"
---------------------------------------

SAMPLE TARGETS FILE:
---------------------------------------
target server.myserver.com
    short-desc = "server.myserver.com"
    server = "server.myserver.com"
    user = "some_trusted_user"
    log = "/var/spool/qmailscan/quarantine.log"
---------------------------------------

Please send feedback, enhancements, suggestions, criticism, patches, checks, money orders, etc to me at dk@lucidstrategies.net!
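
ADDED EXAMPLE (not part of logmonitor and not the author's code): a Python sketch of the "where did I leave off" marker idea from HISTORY, including the rotation case mentioned there. Like logmonitor, it does not recover the tail of the old file after a rotation; it restarts at the top of the new one. The function name, the JSON marker file and the inode/size rotation check are assumptions of this example.

```python
import json
import os

def dump_new_lines(logfile, marker_db, uniqid="default"):
    """Return complete lines appended to logfile since the last call for
    this (logfile, uniqid) pair, then advance the stored marker."""
    try:
        with open(marker_db) as fh:
            markers = json.load(fh)
    except FileNotFoundError:
        markers = {}  # first run: no markers stored yet
    key = f"{uniqid}:{os.path.abspath(logfile)}"
    saved = markers.get(key, {"inode": None, "offset": 0})

    with open(logfile, "rb") as fh:
        st = os.fstat(fh.fileno())
        offset = saved["offset"]
        # A different inode, or a file shorter than the marker, means the log
        # was rotated or truncated: start again from the top of the new file.
        if saved["inode"] != st.st_ino or st.st_size < offset:
            offset = 0
        fh.seek(offset)
        data = fh.read()

    # Consume only up to the last newline, so a half-written final entry is
    # left for the next run instead of being counted as a truncated line.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", errors="replace").splitlines()

    markers[key] = {"inode": st.st_ino, "offset": offset + end}
    tmp = marker_db + ".tmp"
    with open(tmp, "w") as fh:  # write-then-rename keeps the marker db intact
        json.dump(markers, fh)
    os.replace(tmp, marker_db)
    return lines
```

Each uniqid keeps its own marker, so two consumers can read the same logfile without stealing each other's lines.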