1epylog.conf(5) Applications/System epylog.conf(5)
2
6 epylog.conf - epylog configuration
7
10 epylog config file is a simple plaintext file in win.ini style format.
11
14 Epylog will look in /etc/epylog/epylog.conf by default, but you can
15 override that by passing -c switch on the command line.
16
19 cfgdir This is where epylog should look for other configuration infor‐
20 mation, most notably, modules.d directory. See epylog-modules(5)
21 for more info.
22 tmpdir Where to create temporary directories and put temporary files.
24 Note that log files can grow VERY big and epylog might create
25 several copies of them for processing purposes. Make sure there
26 is no danger of filling up that partition. A good place on a
27 designated loghost is /var/tmp, since that is usually a separate
28 partition dedicated entirely for logs.
29 vardir Where epylog should save its state data, namely the offsets.xml
31 file. The sanest place for this is /var/lib/epylog.
32 multimatch
34 By default, if a line is matched against a module, no other mod‐
35 ules will be tried. This helps speed things up tremendously.
36 However, you may have several modules that process the same
37 lines (although this is not a very good setup). In that case you
38 may set this to "yes". The default value is "no".
39 threads
41 How many processing threads to start. 50 is a good default
42 value, but you may set it to less or more, depending on your
43 system.
44
47 title What should be the title of the report. For mailed reports, this
48 is the subject of the message. For the ones published on the
49 web, this is the title of the page (as in <title></title>).
50 template
52 Which html template should be used for the final report. See the
53 source of the default template for the format used.
54 include_unparsed
56 Can be either "yes" or "no". If "no" is specified, strings that
57 didn't match any of the modules will not be appended to the
58 report. Not very wise! A good setting is "yes".
59 publishers
61 Lists the publishers to use. The value is the name of the sec‐
62 tion where to look for the publisher configuration. E.g.:
63 publishers = nfspub
64 will look for a section called "[nfspub]" for publisher initial‐
65 ization. The name of the publisher has nothing to do with the
66 method it uses for publishing. The fact that the default are
67 named [file] and [mail] is only a matter of convenience. List
68 multiple values separated by a comma.
69
72 method Method must be set to "mail" for this publisher to be considered
73 a mail publisher.
74 smtpserv
76 Can be either a hostname of an SMTP server to use, or the loca‐
77 tion of a sendmail binary. If the value starts with a "/" it
78 will be considered a path. E.g. valid entries:
79 smtpserv = mail.example.com
80 smtpserv = /usr/sbin/sendmail -t
81 mailto The list of email addresses where to mail the report. Separate
83 multiple entries by a comma. If ommitted, "root@localhost" will
84 be used.
85 format Can be one of the following: html, plain, or both. If you use a
87 mail client that doesn't support html mail, then you better use
88 "plain" or "both", though you will miss out on visual cueing
89 that epylog uses to notify of important events.
90 lynx This is only useful if you use format other than "html". Epylog
92 will use a lynx-compliant tool to transform HTML into plain
93 text. The following browsers are known to work: lynx, elinks,
94 w3m.
95 include_rawlogs
97 Whether to include the gzipped raw logs with the message. If set
98 to "yes", it will attach the file with all processed logs with
99 the message. If you use a file publisher in addition to the mail
100 publisher, this may be a tad too paranoid.
101 rawlogs_limit
103 If the size of rawlogs.gz is more than this setting (in kilo‐
104 bytes), then raw logs will not be attached. Useful if you have a
105 50Mb log and check your mail over a slow uplink.
106 gpg_encrypt
108 Logs routinely contain sensitive information, so you may want to
109 encrypt the email report to ensure that nobody can read it other
110 than designated administrators. Set to "yes" to enable gpg-
111 encryption of the mail report. You will need to install mygpgme
112 (installed by default on all yum-managed systems).
113 gpg_keyringdir
115 If you don't want to use the default keyring (usually
116 /root/.gnupg), you can set up a separate keyring directory for
117 epylog's use. E.g.:
118 > mkdir -m 0700 /etc/epylog/gpg
119 gpg_recipients
121 List of PGP key id's to use when encrypting the report. The keys
122 must be in the pubring specified in gpg_keyringdir. If this
123 option is omitted, epylog will encrypt to all keys found in the
124 pubring. To add a public key to a keyring, you can use the fol‐
125 lowing command.
126 > gpg [--homedir=/etc/epylog/gpg] --import pubkey.gpg
127 You can generate the pubkey.gpg file by running "gpg --export
128 KEYID" on your workstation, or you can use "gpg --search" to
129 import the public keys from the keyserver.
130 gpg_signers
132 To use the signing option, you will first need to generate a
133 private key:
134 > gpg [--homedir=/etc/epylog/gpg] --gen-key
135 Create a sign-only RSA key and leave the passphrase empty. You
136 can then use "gpg --export" to export the key you have generated
137 and import it on the workstation where you read mail.
138 If gpg_signers is not set, the report will not be signed.
139
142 method Method must be set to "file" for this config to work as a file
143 publisher.
144 path Where to place the directories with reports. A sensible location
146 would be in /var/www/html/epylog. Note that the reports may con‐
147 tain sensitive information, so make sure you place a .htaccess
148 in that directory and require a password, or limit by host.
149 dirmask, filemask
151 These are the masks to be used for the created directories and
152 files. For format values look at strftime documentation here:
153 http://www.python.org/doc/current/lib/module-time.html
154 save_rawlogs
156 Whether to save the raw logs in a file in the same directory as
157 the report. The default is off, since you can easily look in
158 the original log sources.
159 expire_in
161 A digit specifying the number of days after which the old direc‐
162 tories should be removed. Default is 7.
163 notify Optionally send notifications to these email addresses when new
165 reports become available. Comment out if no notification is
166 desired. This is definitely redundant if you also use the mail
167 publisher.
168 smtpserv
170 Use this smtp server when sending notifications. Can be either a
171 hostname or a path to sendmail. Defaults to "/usr/sbin/sendmail
172 -t".
173 pubroot
175 When generating a notification message, use this as publication
176 root to make a link. E.g.:
177 pubroot = http://www.example.com/epylog
178 will make a link: http://www.example.com/epylog/dirname/file‐
179 name.html
180
183 Lines starting with "#" will be considered commented out.
184
187 Konstantin Ryabitsev <icon@linux.duke.edu>
188
191 epylog(3), epylog(8), epylog-modules(5)
192Konstantin Ryabitsev 1.0 epylog.conf(5)