Last modified on 02/11/12 03:31:07

Epylog Log Analyzer

Epylog is a syslog parser which runs periodically, looks at your logs, processes some of the entries in order to present them in a more comprehensible format, and then mails you the output. It is written specifically for large network clusters where a lot of machines (around 50 and upwards) log to the same loghost using syslog or syslog-ng. It is an alternative to a similar package, called "logwatch."

The epylog engine should work on most unix systems running Python-2.2 and above, although the processing modules are currently written for linux only (and particularly Red Hat Linux series 7 and above). Other unix and linux flavors should still work as long as they use standard syslog logging facilities and PAM; lines from services the modules do not know about will simply be left unparsed.

Features

  • Threaded for faster network lookups
  • Unwraps "last message repeated" lines
  • Mails reports in either html or plain text (or both)
  • Publishes reports to a file with optional notification via email.
  • Accepts "--last hour/2h/2d/2w" command-line arguments
  • Handles modules written in both Python and other languages (though many "neat" features are not available to external modules)
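
Two of the features above are easy to get subtly wrong on a loghost that collects from many machines: "last message repeated N times" must be expanded against the previous message of the same host, not the previous line in the file, and a "--last" window spec must be validated before it is turned into a time range. The following is an added example written for this page, not epylog's own code; the syslog lines, hostnames and addresses are constructed.

```python
import re
from datetime import timedelta

# Constructed sample lines (not from the project), as a loghost collecting
# from several machines would see them.
SAMPLE_LOG = """\
Feb 11 03:31:07 web1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Feb 11 03:31:09 web1 last message repeated 3 times
Feb 11 03:31:10 db1 sshd[917]: Accepted publickey for backup from 192.0.2.14 port 41002 ssh2
Feb 11 03:31:12 web1 sshd[2201]: Connection closed by 198.51.100.7
Feb 11 03:31:13 db1 last message repeated 2 times
Feb 11 03:31:14 web2 last message repeated 5 times
this line is not syslog at all
"""

SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$')
REPEAT_RE = re.compile(r'^last message repeated (?P<n>\d+) times?$')


def unwrap_repeats(lines):
    """Return (ts, host, msg) tuples with each 'last message repeated N times'
    line replaced by N copies of that host's previous message. The expansion is
    per host: on a loghost the marker from db1 must not re-emit web1's line.
    A marker with no known predecessor (the original fell before this run's
    window) is kept verbatim so the event count is not silently lost. Lines
    that are not syslog at all are skipped."""
    entries = []
    last_by_host = {}
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group('ts', 'host', 'msg')
        r = REPEAT_RE.match(msg)
        if r is None:
            last_by_host[host] = msg
            entries.append((ts, host, msg))
        elif host in last_by_host:
            entries.extend([(ts, host, last_by_host[host])] * int(r.group('n')))
        else:
            entries.append((ts, host, msg))
    return entries


def parse_last(spec):
    """Turn a '--last hour/2h/2d/2w' style argument into a timedelta.
    Anything else raises rather than silently defaulting to some window."""
    if spec == 'hour':
        return timedelta(hours=1)
    m = re.fullmatch(r'(\d+)([hdw])', spec)
    if not m:
        raise ValueError('bad --last spec: %r' % (spec,))
    n, unit = int(m.group(1)), m.group(2)
    return {'h': timedelta(hours=n),
            'd': timedelta(days=n),
            'w': timedelta(weeks=n)}[unit]


def count_by_host_and_message(entries):
    """Aggregate expanded entries, so a line followed by 'repeated 3 times'
    is reported as 4 events rather than 1 event plus an opaque marker."""
    counts = {}
    for _, host, msg in entries:
        key = (host, msg)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == '__main__':
    for (host, msg), n in sorted(count_by_host_and_message(
            unwrap_repeats(SAMPLE_LOG.splitlines())).items()):
        print('%4d  %s  %s' % (n, host, msg))
```

The point of the per-host table is that a single repeated-marker on a shared loghost is ambiguous without it; with it, the four failed-password attempts against web1 show up as four attempts in the report.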

See this commented sample report for a general overview of what the reports look like.

Requirements

The parsing modules are currently only written for linux, so at the moment running it on other unixes is of limited use (it will still work as long as syslog is used, but many lines will be left unparsed).

Requires Python-2.2 or above and libxml2-python.

Known to work out of the box on FC1, FC2, FC3, FC4, EL3, EL4.

Modules

Modules are the parsing engine of epylog. For more info please read modules.txt in doc directory. If you wrote a module, you are encouraged to contribute it back so other people can make use of it. Please send your modules to the mailing list or attach them to a ticket.

See epylog-modules(5) for more info.

Installing

Install the RPM and edit "/etc/epylog/epylog.conf". Alternatively, get the source tarball, unpack it (tar xzvf), and run:

$ autoconf
$ ./configure
$ make
$ make install

See "./configure --help" for more information about the flags you can set.

Edit "/etc/epylog/epylog.conf" (see manpages for more info). For modules, you will need to edit the per-module config files in "/etc/epylog/modules.d" directory.

See epylog.conf(5), and epylog-modules(5) for more information.

Running

You can run epylog from your console by simply executing "epylog", or "epylog --last hour". If you want to run it from cron, then you will probably want to run it with "epylog --cron": this way nothing is output to the console and the engine stores the offset of the logs, knowing where to start off during its next run.
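
The offset that "--cron" mode keeps between runs is what makes the reports continuous; the cases to handle are a log that was rotated (the saved offset now refers to a different file) or truncated (the offset is past EOF), and a line that was only half written when the run started. The following is an added example for this page, a stand-alone reimplementation of that idea and not epylog's own code; the log contents, the state file name and its JSON layout are assumptions.

```python
import json
import os
import tempfile


def _load_state(state_path):
    """Return the saved {'inode': int, 'offset': int}, or None on the first
    run or when the state file is missing, unreadable or corrupt."""
    try:
        with open(state_path) as f:
            state = json.load(f)
        return {'inode': int(state['inode']), 'offset': int(state['offset'])}
    except (OSError, ValueError, KeyError, TypeError):
        return None


def _save_state(state_path, state):
    # Write to a temp file and rename, so a crash mid-write never leaves a
    # half-written state file that would make the next run start from 0.
    tmp = state_path + '.tmp'
    with open(tmp, 'w') as f:
        json.dump(state, f)
    os.replace(tmp, state_path)


def read_since_last_run(log_path, state_path):
    """Return (lines, resumed): the complete lines appended to log_path since
    the previous call, and whether the saved offset was usable. A changed inode
    (log rotated) or an offset past EOF (log truncated) means the old offset no
    longer refers to this file, so reading restarts at 0 rather than silently
    skipping data."""
    st = os.stat(log_path)
    saved = _load_state(state_path)
    offset = 0
    resumed = False
    if saved and saved['inode'] == st.st_ino and saved['offset'] <= st.st_size:
        offset = saved['offset']
        resumed = True
    with open(log_path, 'rb') as f:
        f.seek(offset)
        data = f.read()
    # Consume only whole lines; a partially written last line is left for the
    # next run instead of being reported as a truncated event.
    end = data.rfind(b'\n') + 1
    lines = data[:end].decode('utf-8', 'replace').splitlines()
    _save_state(state_path, {'inode': st.st_ino, 'offset': offset + end})
    return lines, resumed


def demo():
    """Three runs over a constructed log: initial run, after an append with a
    partial trailing line, and after a logrotate-style rename. Returns
    [(lines_seen, resumed), ...] for the three runs."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, 'messages')
        state = os.path.join(d, 'messages.offset')
        with open(log, 'w') as f:
            f.write('Feb 11 03:31:07 web1 sshd[2201]: Accepted publickey for root from 192.0.2.14 port 41002 ssh2\n'
                    'Feb 11 03:31:08 web1 sshd[2201]: Connection closed by 192.0.2.14\n')
        first = read_since_last_run(log, state)
        with open(log, 'a') as f:
            f.write('Feb 11 03:31:09 web1 sudo: root : TTY=pts/0 ; COMMAND=/bin/bash\n'
                    'Feb 11 03:31:10 web1 partial line still being written')
        second = read_since_last_run(log, state)
        os.rename(log, log + '.1')   # rotation: the new file gets a new inode
        with open(log, 'w') as f:
            f.write('Feb 11 03:31:11 web1 syslogd: restart\n')
        third = read_since_last_run(log, state)
    return [(len(lines), resumed) for lines, resumed in (first, second, third)]


if __name__ == '__main__':
    print(demo())
```

Note what the rotation case does not do: after the rename, whatever was appended to the old file between the last run and the rotation is not read. A production tool should also drain the rotated file (here "messages.1") from the saved offset before moving on, otherwise an attacker who can trigger rotation, or simply bad timing, leaves a gap in the report.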

See "epylog --help" or epylog(8) for more information.

Support

Please use the mailing list set up for epylog. To subscribe, please go to the mailing list subscription page.

Contributing

Epylog is in need of love and care! If you use Epylog, please consider giving back to the community by donating your time.

Anonymous git access is available via http://git.fedorahosted.org/git/epylog.git (browseable)

or by using:

git clone git://git.fedorahosted.org/epylog.git

Commit access

Filing bugs

Unfortunately, spammers make anonymous posting to the ticketing system impractical. Hence, you have to be signed in with your FAS account in order to create or modify tickets (see above how to get one; it only takes a minute). If you can't be bothered, just send an email to the mailing list, or directly to me at icon@… and I will open a ticket for you.

License and copyright

  • Copyright © 2001-2005 by Duke University
  • Copyright © 2006-2012 by Konstantin Ryabitsev and contributors

This software is licensed under GNU GPL and comes without any warranty, written or implied. For more information about GNU GPL please see http://www.gnu.org/licenses/gpl.html.

Download

Latest version is 1.0.7.
