# logparse

Logparse is a simple and extensible log analyser which parses and summarises medium-term server logs (up to around 30 days old). It reports notable events and statistics from common server programs, and has a comprehensive API to allow users to write their own parsers for custom services.

Logparse is also integrated with systemd's `logrotate` to optionally rotate logs only after they have been summarised, and the user may choose to get an email (requires postfix) or a static HTML/plaintext file with the log summary. As an added feature, IP addresses from ssh/samba/apache logs may be resolved to either hostnames or FQDNs.

Configuration is through the file `/etc/logparse.conf`, in INI format. A description of the configuration variables is shown below at :ref:`configuration`.

Some features require logparse to be run as root (primarily log rotation). It is recommended to run it from a cron job on a weekly basis.

The program is based on a model of independent **parsers** (consisting of Python modules), each of which analyses logs from a particular service. Logparse comes with a range of these built in, but additional parsers can be written in Python and placed in `/usr/share/logparse/parsers`. At the moment, the built-in parsers are:

- cron (DEPRECATED) - number of commands, list commands (root user only)
- cron-journald - number of commands, list commands, list commands per user (requires libsystemd)
- httpd - list requests, clients, user agents, bytes transferred, number of errors
- mem - get installed/usable/free memory
- postfix - list recipients and bytes sent
- smbd - number of logins, list users & clients
- sshd (DEPRECATED) - logins by user/hostname, attempted root logins, invalid users
- sshd-journald - logins by user/hostname, attempted root logins, invalid users (requires libsystemd)
- sudo - number of sessions, list users and commands
- sysinfo - hostname, OS, OS version, platform, processors
- temperature - instantaneous temperatures of motherboard, CPU, cores, disks
- zfs - zpool scrub reports, disk usage

For more information, see `logparse(8)` by running `man logparse`.

Website: <https://git.lorimer.id.au/logparse.git>
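
To illustrate the kind of summary the sshd parsers listed above report (logins by user/hostname, attempted root logins, invalid users), here is a stand-alone Python example. It is added here and is not logparse's own code, and it does not use logparse's parser API; the function name `summarise_sshd`, the syslog-style input and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog message format (not real data).
SAMPLE_LOG = """\
Mar  3 09:12:01 srv sshd[811]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 09:14:40 srv sshd[815]: Invalid user admin from 192.0.2.10 port 51100
Mar  3 09:14:42 srv sshd[815]: Failed password for invalid user admin from 192.0.2.10 port 51100 ssh2
Mar  3 09:15:03 srv sshd[819]: Failed password for root from 192.0.2.10 port 51102 ssh2
Mar  3 09:15:09 srv sshd[819]: Failed password for root from 192.0.2.10 port 51102 ssh2
Mar  3 10:02:17 srv sshd[840]: Accepted password for alice from 198.51.100.7 port 40310 ssh2
Mar  3 11:45:55 srv sshd[861]: Accepted password for bob from 203.0.113.5 port 33876 ssh2
Mar  3 11:50:00 srv sshd[870]: Invalid user oracle from 192.0.2.44 port 40000
"""

# Each pattern is anchored on the "sshd[pid]: " prefix so that text an
# attacker places in a username cannot pose as a different message type.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<host>\S+) port \d+")
FAILED_ROOT = re.compile(r"sshd\[\d+\]: Failed \S+ for root from (?P<host>\S+) port \d+")
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<host>\S+)")


def summarise_sshd(text):
    """Count accepted logins per user@host, failed root logins per host, invalid usernames."""
    logins, root_attempts, invalid_users = Counter(), Counter(), Counter()
    for line in text.splitlines():
        if m := ACCEPTED.search(line):
            logins[f"{m['user']}@{m['host']}"] += 1
        elif m := FAILED_ROOT.search(line):
            root_attempts[m["host"]] += 1
        elif m := INVALID.search(line):
            invalid_users[m["user"]] += 1
    return {"logins": logins, "root_attempts": root_attempts, "invalid_users": invalid_users}


if __name__ == "__main__":
    for section, counts in summarise_sshd(SAMPLE_LOG).items():
        print(section)
        for key, n in counts.most_common():
            print(f"  {key}: {n}")
```

Usernames in these messages are chosen by the remote client, so a summary that is rendered to HTML or email should escape them before output.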