epylog(8) Applications/System epylog(8)

epylog - Syslog new log notifier and parser.

epylog [-c epylog.conf] [-d LOGLEVEL] [--last PERIOD]
       [--store-offsets] [--quiet] [--cron]

Epylog is a new log notifier and parser which runs periodically out of
cron, looks at your logs, processes the entries in order to present
them in a more comprehensive format, and then provides you with the
output. It is written specifically with large network clusters in mind
where a lot of machines (around 50 and upwards) log to the same loghost
using syslog or syslog-ng.

Alternatively, Epylog can be invoked from the command line and provide
a log report based on a certain provided time period. In this case it
relies on syslog timestamps to find the offsets, as opposed to the
end-of-log offsets stored during the last run, though this behavior is
not as reliable and is easily thwarted by skewed clocks.

-c config.file
    Provide an alternative config file to Epylog. By default, it
    will look in /etc/epylog/epylog.conf.

-d LOGLEVEL
    Logging level. The default is 1. 0 will produce no output except
    for critical errors (useful for cron runs). 2 and above are
    debugging levels. 5 is the most verbose.

--last PERIOD
    Will make a report on events that occurred in the last PERIOD.
    PERIOD can be either "hour", "day", "week", "month", or more
    granular: "1h", "2h", "3d", "2w", etc. When --last is specified,
    epylog will ignore the saved offsets and locate the entries by
    timestamps. CAUTION: this process is not to be trusted, since
    the timestamps are not checked for any validity when arriving at
    the loghost. One reporting machine with a skewed clock may
    confuse Epylog enough to miss a lot of valid entries.

--store-offsets
    When specified, will store the offset of the last log entry
    processed in offsets.xml. During the cron runs epylog relies on
    the offset information to find out what new entries to process.
    This is more trustworthy than relying on timestamps. The default
    behavior is not to store the offsets, as this allows running
    epylog both from cron and manually without the two interfering
    with each other. The location of offsets.xml is specified in
    epylog.conf. See epylog.conf(5) for more details.

--quiet
    In every way identical to -d 0.

--cron
    This is essentially --quiet --store-offsets, plus a lockfile
    will be created and consulted, preventing more than one instance
    of epylog from running. You can still run epylog manually -- the
    lockfile is only checked when running in --cron mode.

The core of epylog is written in Python. It handles things like
timestamp lookups, unwrapping of "last message repeated" lines,
handling of rotated files, preparing and publishing the reports,
etc.

The modules are pluggable and can be either "internal", written
in Python, or external. External modules can be written in any
language, but at a price of some convenience. For more info see
epylog-modules(5).

Depending on the size of your logs, you might want to initialize
your offsets before letting epylog run from cron. When the
offsets.xml file is missing, epylog will by default process the
entire log, and depending on your configuration, that can be a
lot of entries. A good way to init epylog is to run:

    epylog --last day --store-offsets

/etc/epylog/epylog.conf
/usr/sbin/epylog
/etc/cron.daily/epylog.cron
/etc/epylog/*
/var/lib/epylog/*
/usr/share/epylog/modules/*

The useful way to run from a command line is with --last. E.g.:

    epylog --last day
    epylog --last 2w

When running from cron, you want to store the offsets and not rely on
timestamps. There is a mode that allows you to do this:

    epylog --cron
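
The caution on --last above can be checked before a timestamp-based run. The following is an added example, not part of epylog: it reads a loghost file in arrival order and reports senders whose timestamps sit far from those of the other hosts. The function names, the 300-second tolerance, the caller-supplied year and the sample log lines are assumptions constructed for illustration.

```python
"""Added example (not part of epylog): flag senders with skewed clocks."""
from collections import defaultdict
from datetime import datetime
from statistics import median, median_high

# Constructed sample of a loghost file in arrival order (not real log data).
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[811]: Accepted publickey for deploy
Mar 10 12:00:03 db01 crond[402]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 09:14:55 node17 kernel: eth0: link up
Mar 10 12:00:07 web01 sshd[811]: session closed for user deploy
Mar 10 09:14:58 node17 sshd[230]: Failed password for root
Mar 10 12:00:09 db01 postfix/smtpd[77]: connect from localhost
Mar 10 09:15:02 node17 sshd[230]: Failed password for root
Mar 10 12:00:12 web01 crond[90]: (root) CMD (logrotate)
"""

def parse_line(line, year):
    """Return (timestamp, host) for a classic syslog line, or None if malformed."""
    parts = line.split(None, 4)
    if len(parts) < 4:
        return None
    try:
        # Classic syslog timestamps carry no year; the caller supplies one.
        stamp = " ".join(parts[:3])
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[3]

def skewed_hosts(log_text, year=2024, tolerance=300):
    """Map host -> median offset (seconds) from the other hosts' latest lines,
    keeping only hosts whose offset exceeds `tolerance`."""
    drifts = defaultdict(list)
    last_seen = {}  # host -> timestamp of its most recent line
    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, host = parsed
        others = [t for h, t in last_seen.items() if h != host]
        if others:
            # Reference is the median of the other hosts' latest timestamps,
            # so a single bad clock does not become the yardstick.
            ref = median_high(others)
            drifts[host].append((ts - ref).total_seconds())
        last_seen[host] = ts
    meds = {h: median(d) for h, d in drifts.items()}
    return {h: m for h, m in meds.items() if abs(m) > tolerance}
```

On the constructed sample, node17 is reported as running about 2 hours 45 minutes behind; a host flagged this way is a reason to prefer the stored offsets over --last for that log.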

Konstantin Ryabitsev <icon@linux.duke.edu>

epylog.conf(5) epylog-modules(5)

Konstantin Ryabitsev 1.0 epylog(8)