Easily monitor and archive your system log reports.

If you want to monitor your server logs and also have the reports emailed to you, Logwatch alone may not be sufficient: it sends you a mail but does not archive the reports. For that, head over to epylog.

Name        : epylog
Arch        : noarch
Epoch       : 0
Version     : 1.0.7
Release     : 9.fc22
Size        : 151 k
Repo        : fedora
Summary     : New logs analyzer and parser
URL         : https://fedorahosted.org/epylog/
License     : GPLv2+
Description : Epylog is a new log notifier and parser which runs periodically out of
: cron, looks at your logs, processes the entries in order to present
: them in a more comprehensive format, and then provides you with the
: output. It is written specifically with large network clusters in mind
: where a lot of machines (around 50 and upwards) log to the same
: loghost using syslog or syslog-ng.

To install:

dnf install epylog

After this, you need to configure the directory for archiving and the means of transport, which can be just File, or File with email. In the second case, the reports are archived and an email is sent with a link to the report.

Here is the sample configuration that I am using:

[main]
cfgdir = /etc/epylog
tmpdir = /var/tmp
vardir = /var/lib/epylog

[report]
title = [Cron] ubu  @@HOSTNAME@@ system events: @@LOCALTIME@@
template = /etc/epylog/report_template.html
include_unparsed = yes
publishers = file

[mail]
method = mail
smtpserv = /usr/sbin/sendmail -t
mailto = root
format = html
lynx = /usr/bin/lynx
include_rawlogs = no
rawlogs_limit = 200
##
# GPG encryption requires pygpgme installed
#
gpg_encrypt = no
# If gpg_keyringdir is omitted, we’ll use the default ~/.gnupg for the
# user running epylog (/root/.gnupg, usually).
#gpg_keyringdir = /etc/epylog/gpg/
# List key ids, can be emails or fingerprints. If omitted, we’ll
# encrypt to all keys found in the pubring.
#gpg_recipients = admin1@example.com, admin2@example.com
# List key ids that we should use to sign the report.
# If omitted, the report will not be signed, only encrypted.
#gpg_signers = epylog@logserv.example.com

[file]
method = file
path = /var/www/epylog
dirmask = %Y-%b-%d_%a
filemask = %H%M
save_rawlogs = no
expire_in = 700
notify = root@localhost
smtpserv = /usr/sbin/sendmail -t
pubroot = http://example.com/cgi-bin/pager.py?

After you are done, you might want to head over to the Fedora Wiki page for Epylog and download the weed_local file and the parser.py file. The weed_local file contains the regexes for common errors that you do not want to see in reports, so feel free to add yours. The parser.py file sets up a pager: download it, put it in the cgi-bin directory, configure the epylog data directory, and you are done.
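
A quick audit of the configuration above, as an added example that is not part of the original post or of epylog itself. It assumes that the names in publishers refer to sections of the same file, and its checks (report archive under a web root, plain-http pubroot, raw logs in reports, unencrypted mail) are this example's own heuristics; WEB_ROOTS and audit() are hypothetical names.

```python
import configparser

# Constructed sample: a trimmed copy of the configuration shown above.
SAMPLE_CONF = """\
[report]
publishers = file

[mail]
method = mail
mailto = root
include_rawlogs = no
gpg_encrypt = no

[file]
method = file
path = /var/www/epylog
dirmask = %Y-%b-%d_%a
save_rawlogs = no
pubroot = http://example.com/cgi-bin/pager.py?
"""

WEB_ROOTS = ("/var/www", "/srv/www")  # assumption: typical document roots


def audit(conf_text):
    """Return findings for each publisher section enabled in [report]."""
    # interpolation=None: dirmask/filemask are strftime masks full of '%';
    # configparser's default interpolation raises when such a value is fetched.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for name in (p.strip() for p in cp.get("report", "publishers").split(",")):
        if not cp.has_section(name):
            findings.append(f"[{name}] is enabled but has no section")
            continue
        sec = cp[name]
        method = sec.get("method", "")
        raw_key = "save_rawlogs" if method == "file" else "include_rawlogs"
        if sec.getboolean(raw_key, fallback=False):
            findings.append(f"[{name}] {raw_key} = yes copies raw log lines into the report")
        if method == "file":
            path = sec.get("path", "")
            if any(path == r or path.startswith(r + "/") for r in WEB_ROOTS):
                findings.append(f"[{name}] path {path} is under a web root")
            if sec.get("pubroot", "").startswith("http://"):
                findings.append(f"[{name}] pubroot is plain http")
        elif method == "mail" and not sec.getboolean("gpg_encrypt", fallback=False):
            findings.append(f"[{name}] gpg_encrypt is off, reports are mailed unencrypted")
    return findings
```

For the sample, audit(SAMPLE_CONF) reports the web-root path and the plain-http pubroot; the [mail] section is only checked once it is listed in publishers.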

Colorize your logs

CCZE is a robust and modular log colorizer with plugins for apm, exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd, vsftpd, xferlog, and more.

For installation:

sudo yum install ccze

and to use it:

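tail -f -n 50 /var/log/firewalld | ccze
# or better yet (-A makes ccze emit raw ANSI colours instead of using curses,
# so the output survives the pipe to the pager)
ccze -A < /var/log/firewalld | more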

Quick tip on zipping logs in real time.

Sometimes the small things that we don’t actually think can be useful turn out to be so useful. I faced this a couple of days back when I was working on something and the logs were being generated and the files rotated too fast. If I had to use this for some time, I needed some script, application or something to make sure that the logs are zipped every few seconds. Finding an application for this would take time, and what good is bash if we need to find applications for this? So, a simple bash command did the trick. Most of us would know this, but applying it and using it at the right time was what saved my life. Thanks to bash. Here is the command:

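# Compress each .log file in turn, pausing 5 seconds between files.
for i in *.log
do
    [ -e "$i" ] || continue   # the glob matched nothing
    # Quote the name and end option parsing with -- so that file names
    # containing spaces or starting with '-' are handled safely.
    gzip -- "$i"
    sleep 5
done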

Can it get simpler than this? 🙂