.. logparse documentation master file, created by
   sphinx-quickstart on Sat Aug 31 23:02:08 2019.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

logparse
====================================

.. toctree::
   :maxdepth: 2
   :caption: Contents:

Introduction
############

Logparse is a simple and extensible log analyser which parses and summarises medium-term server logs (up to around 30 days old). It reports notable events and statistics from common server programs. The program is based on a model of independent **parsers** (consisting of Python modules), each of which analyses logs from a particular service. Logparse comes with a range of these built in, but additional parsers can be written in Python and placed in `/usr/share/logparse/parsers`. At the moment, the default parsers are:

+-----------------+-----------------------------------------------------------------------+---------------------------+
| Parser          | Output                                                                | Dependencies              |
+=================+=======================================================================+===========================+
| httpd           | list requests, clients, user agents, bytes transferred, no. of errors | Apache                    |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| cron            | number of commands, list commands (root user only)                    |                           |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| cron-journald   | number of commands, list commands, list commands per user             | libsystemd                |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| mem             | get installed, usable, and free memory                                |                           |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| postfix         | list recipients and bytes sent                                        | postfix                   |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| smbd            | number of logins, list users and clients                              | samba                     |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| sshd            | logins by user/hostname, attempted root logins, invalid users         |                           |
+-----------------+                                                                       +---------------------------+
| sshd-journald   |                                                                       | libsystemd                |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| sudo            | number of sudo sessions, list users and commands                      |                           |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| sysinfo         | hostname, OS, OS version, platform, processor(s)                      |                           |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| temperature     | instantaneous temperatures of motherboard, CPU, cores, disks          | hddtemp daemon, lmsensors |
+-----------------+-----------------------------------------------------------------------+---------------------------+
| zfs             | zpool scrub reports, disk usage                                       | zfsonlinux + cron job     |
+-----------------+-----------------------------------------------------------------------+---------------------------+

Support for further services and custom scripts is planned.

Logparse is also integrated with systemd's `logrotate` to optionally rotate logs only after they have been summarised, and the user may choose to receive the log summary as an email (requires postfix) or as a static HTML/plaintext file. As an added feature, IP addresses from ssh/samba/apache logs may be resolved to either hostnames or FQDNs.

Configuration is through the file `/etc/logparse.conf`, in YAML format.

Some features (primarily log rotation) require logparse to be run as root. It is recommended to run it from a cron job on a weekly basis.

Indices and tables
##################

* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`