# logparse
-([source](https://git.lorimer.id.au/logparse.git/)) // written by [Andrew Lorimer](https://lorimer.id.au)
+Logparse is a simple and extensible log analyser which parses and summaries medium-term server logs (up to around 30 days old). It reports notable events and statistics reported from common server programs, and has a comprehensive API to allow users to write their own parsers for custom services.
-This is a utility to analyse medium-term logs (up to around 30 days old) on servers. It summarises notable events and statistics reported from several programs. At the moment, logparse can interface with:
+Logparse is also integrated with systemd's `logrotate` to optionally rotate logs only after they have been summarised, and the user may choose to get an email (requires postfix) or a static HTML/plaintext file with the log summary. As an added feature, IP addresses from ssh/samba/apache logs may be resolved to either hostnames or FQDNs.
-- sshd (number of logins, list users & clients)
-- sudo (number of sessions, users, commands)
-- cron (list commands)
-- [nameget](https://git.lorimer.id.au/scripts.git/tree/nameget.sh) (list successful/failed downloads)
-- apache (list requests, clients, user agents, bytes transferred, errors)
-- smbd (number of logins, list users & clients)
-- postfix (list recipients and bytes sent)
-- zfs (srub data, usage data)
-- lmsensors (system, CPU, per-core, per-disk)
-- du (specify paths to show usage and change since last analysis)
+Configuration is through the file `/etc/logparse.conf`, in INI format. A description of the configuration variables is shown below at :ref:`configuration`.
-Support for further services and custom scripts is planned.
+Some features require logparse to be run as root (primarily log rotation). It is recommended to set it up on a cron job on a weekly basis.
-logparse is also integrated with systemd logrotate to optionally rotate logs only after they have been summarised, and the user may choose to get an email (requires postfix) or a static HTML page with the log summary. As an added feature, IP addresses from ssh/samba/apache may be resolved to either hostnames or FQDNs.
+The program is based on a model of independent **parsers** (consisting of Python modules) which analyse logs from a particular service. Logparse comes with a range of these built in, but additional parsers can be written in Python and placed in `/usr/share/logparse/parsers`. At the moment, the built-in parsers are:
-Configuration is through the file `/etc/logparse.conf`, in yaml format.
+- cron (DEPRECATED) - number of commands, list commands (root user only)
+- cron-journald - number of commands, list commands, list commands per user (requires libsystemd)
+- httpd - list requests, clients, user agents, bytes transferred, no. of errors
+- mem - get installed/usable/free memory
+- postfix - list recipients and bytes sent
+- smbd - number of logins, list users & clients
+- sshd (DEPRECATED) - logins by user/hostname, attempted root logins, invalid users
+- sshd-journald - logins by user/hostname, attempted root logins, invalid users (requires libsystemd)
+- sudo - number of sessions, list users and commands
+- sysinfo - hostname, OS, OS version, platform, processors
+- temperature - instantaneous temperatures of motherboard, CPU, cores, disks
+- zfs - zpool scrub reports, disk usage
-Note that logparse must be run as root (preferably as a cron job). This is required for temperature reading and for writing to `/var/log/`.
+For more information, see `logparse(8)` by running `man logparse`.
-### Planned features:
-
-- output to standalone HTML or plaintext file
-- email attached PDF
-- specify user to send mail from
+Website: <https://git.lorimer.id.au/logparse.git>