| < lbcd | Russ Allbery > Software | newsyslog > |
Undetectable errors are infinite in variety, in contrast to detectable errors, which by definition are limited.
Glib's 3rd Law of Unreliability
This program reads logs written by multilog (part of the daemontools package by Dan Bernstein), discards any lines matching regular expressions in its configuration file, and mails the rest to a configured e-mail address after converting the timestamps to human-readable form. The e-mail is sent using qmail-remote directly, which requires qmail be installed on the system but which allows multilog-watch to send mail even if the local mail system is down.
The primary intended purpose of this program is to monitor qmail log files for any unusual entries, but it can monitor any log files generated by multilog. I run it periodically from cron on all systems on which I run qmail so that I'm immediately notified of anything strange happening (such as mail deliveries to programs failing for some reason).
multilog-watch saves a timestamp of the last log entry that it scanned and knows not to rescan logs that have already been scanned. It correctly handles scanning multiple logs rotated by multilog in a directory and won't open old log files unnecessarily.
This sample configuration file ignores all normal qmail messages and errors due to bad remote addresses, but will still catch errors from local deliveries.
For a similar program to analyze syslog files, see filter-syslog.
Perl 5.005 or later is required. Outgoing mail is sent via qmail-remote, so a local qmail installation, or at least enough of one to make qmail-remote work correctly, is also required. (The program could potentially be modified to fall back on another sending method, such as Net::SMTP, but I've not done this yet.)
The program:
| multilog-watch 1.12 | 2004-12-09 | Download |
Documentation:
Copyright 2001, 2002 Board of Trustees, Leland Stanford Jr. University.
This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself. This means that you may choose between the two licenses that Perl is released under: the GNU GPL and the Artistic License. Please see your Perl distribution for the details and copies of the licenses.
| < lbcd | Russ Allbery > Software | newsyslog > |