NAME¶
lwatch.conf — configuration file for
lwatch(1), syntax
highlighting for syslog/syslog-ng file
DESCRIPTION¶
Default configuration file for lwatch is /etc/lwatch/lwatch.conf (built-in
value), but you can specify another file with
-C command line option.
Read
lwatch(1) for details.
Everything from # (hash) to end of line is a comment.
General options¶
cfg_ver - this is obligatory variable and it must be placed as the first
option in config file. This variable contains version of configuration file
syntax. Current manual describes version 1.
rule_action - after successful matching rule lwatch tries to match next
one. You can choose to exit after executing matching rule changing this
parameter from
continue (that's the default) to
exit. You can
override this global parameter for each rule. See section Actions and
modificators.
use_syslog - if set to yes some messages will be logged through syslog,
default is yes
log_level - how verbose log messages should produce lwatch
date_color - default color of date part
host_color - default color of hostname part
serv_color - default color of service part
mesg_color - default color of message part
input_file - where lwatch is reading data from, built-in default is
/var/lib/lwatch/syslog.fifo, could be overwritten with command line option
-i
output_file - where lwatch output colored data; built-in default is
stdout (-), could be overwritten with command line option
-o
show_unparsed - by default lwatch ignores lines which cannot be split
into date, host, service and message, set this variable to yes if you would
like to see those lines; it is the same as command line option
-s
Available colors¶
To specify color you can use following strings: black, red, green, brown, blue,
magenta, cyan, lightgray, darkgray, brightred, brightgreen, yellow,
brightblue, purple, brightcyan, white.
Available log levels¶
To specify the lower visible log level you can use following strings: LOG_EMERG,
LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG.
However, lwatch logs some debug data at LOG_DEBUG, some maybe useful messages
at LOG_NOTICE and errors at LOG_ERROR. So, technically, meaningful values are:
- •
- LOG_DEBUG - log everything
- •
- LOG_NOTICE - log maybe useful messages and errors (this is the
default)
- •
- LOG_ERROR - log only errors (if LOG_NOTICE is too verbose for you this is
the next recommended setting)
- •
- LOG_CRIT - be quiet
Please keep in mind that meaningful values may be a subject of change in future
releases.
Matching patterns¶
There The True Power of Lwatch is hidden. You can match input lines against PCRE
(Perl Compatible Regular Expression) and change output depends on matching.
You can read more about PCRE in
pcrepattern(3) (from libpcre) or in
perlre(1)
(from perl).
There are two ways to define matching pattern/action. First one is the simple
one. Just pattern and one action:
/regexp/ action
The second one is more complex, but it allows to specify more than one action or
modificator with one pattern:
/regexp/ {
action1
action2
...
actionN
}
There is one important thing you should remember. There is no need to quote /
(slash) if you use it inside regexp pattern. For example:
//USR/SBIN/CRON/ { # cron's messages are not important
color=blue # display it in blue
match_service
}
Actions and modificators¶
date_color - set date color
mesg_color,
color - set message color
serv_color - set service name color
host_color - set hostname color
ignore - ignore this pattern, do not match next patterns
exit - do not match next patterns when
rule_action is set to
continue, in other case it is superfluous
continue - continue with next pattern when
rule_action is set to
exit, in other case it is superfluous; please note, that if
ignore> is used in the same action it takes a priority - it makes no
sense to match other rules for string that has been ignored
highlight - highlight matched string with given color (see NOTES)
match_host - match hostname insted message
match_service - match service name instead message
NOTES¶
highlight action changes the matched text. That's why the following part
of configuration wont work:
/root/ highlight=brown
/session closed for user root/ ignore
when
(pam_unix) session closed for user root
would appear as an input line.
First rule changes the text to:
(pam_unix) session closed for user [BROWN]root[NORMAL]
where
[BROWN] and
[NORMAL] are control sequences to change color
to brown, then change it back to default color of this part. Of course this
line does not match the second rule and you can see it on the output.
There are two possible workarounds:
- •
- put the ignore pattern before the highlight one
- •
- enhance your second rules like:
/session closed for user .*root.*/ ignore
EXAMPLES¶
Just look into provided lwatch.conf.
COPYRIGHT¶
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
Regular expression support is provided by the PCRE library package, which is
open source software, written by Philip Hazel, and copyright by the University
of Cambridge, England. This library is available at:
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
SEE ALSO¶
lwatch(1),
pcrepattern(3),
perlre(1)