Epylog is a syslog parser which
runs periodically, looks at your logs, processes some of the
entries in order to present them in a more comprehensible format,
and then mails you the output. It is written specifically for
large network clusters where a lot of machines (around 50 and
upwards) log to the same loghost using syslog or syslog-ng. It is
an alternative to a similar package, called LogWatch.
The epylog engine should work on most Unix systems running Python-2.2 and above, although currently the processing modules are only written to work with Linux (particularly Red Hat Linux series 7 and above). However, other Unix and Linux flavors should work fine, as long as they use standard logging facilities and things like PAM.
You may view a commented sample report.
The parsing modules are currently only written for Linux, so at least at the moment running it on other Unix systems would not be very efficient (it will still work as long as syslog is used, but many lines will be left unparsed).
Requires Python-2.2 or above and libxml2-python.
Known to work out of the box on FC1, FC2, FC3, FC4, EL3, EL4.
Modules are the parsing engine of epylog. For more info please read modules.txt in the doc directory. If you wrote a module, you are encouraged to contribute it back so other people can make use of it. Please send your modules to the mailing list or attach them to an RFE request in bugzilla.
See epylog-modules(5) for more info.
Get the RPM, install it with rpm, and edit /etc/epylog/epylog.conf. Alternatively, get the source, unpack it with tar xzvf, and:
See "./configure --help" for more information about the flags you can set.
Edit /etc/epylog/epylog.conf (see manpages for more info). For modules, you will need to edit the per-module config files in the /etc/epylog/modules.d directory.
See epylog.conf(5) and epylog-modules(5) for more information.
You can run epylog from your console by simply executing "epylog", or "epylog --last hour". If you want to run it from cron, then you will probably want to run it with "epylog --cron": this way nothing is output to the console and the engine stores the offset of the logs, knowing where to start off during its next run.
See "epylog --help" or epylog(8) for more information.
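The kind of offset tracking that "epylog --cron" relies on, sketched as an added example in Python 3 (not epylog's own code): a reader that persists its position between runs and restarts at 0 when the log has been rotated or truncated, so entries are not silently skipped. The function names, the JSON state file and the sample log lines are assumptions constructed for illustration.

```python
import json
import os
import tempfile

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last call; persist the offset."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}  # first run: read from the start
    st = os.stat(log_path)
    # A different inode, or a file shorter than the saved offset, means the log
    # was rotated or truncated: restart at 0 instead of seeking past the data.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        data = fh.read()
    # Consume only complete lines; a partial trailing line waits for the next run.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", "replace").splitlines()
    state["offset"] += end
    # Replace the state file atomically so a crash cannot leave a corrupt offset.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)
    return lines

def demo():
    """Three simulated periodic runs over constructed sample syslog lines."""
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "messages"), os.path.join(d, "offset.json")
    with open(log, "w") as fh:
        fh.write("Jan  1 00:00:01 node01 sshd[101]: Accepted password for alice\n")
    first = read_new_lines(log, state)
    with open(log, "a") as fh:
        fh.write("Jan  1 00:05:09 node02 sshd[202]: Failed password for root\n")
        fh.write("Jan  1 00:05:10 node02 sshd[202]: Fail")  # partial write
    second = read_new_lines(log, state)
    os.rename(log, log + ".1")  # simulate rotation: new file at the same path
    with open(log, "w") as fh:
        fh.write("Jan  1 00:10:00 node03 su: session opened\n")
    third = read_new_lines(log, state)
    return first, second, third

if __name__ == "__main__":
    print(demo())
```

A log that is truncated and then grows past the saved offset before the next run is not detected by this check; shorter run intervals or rename-based rotation reduce that window.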
Please use the mailing list set up for epylog. To subscribe, please go to the Mailing list subscription page.
Please submit any bugs to the epylog bugzilla:
You can access CVS via the web here:
Alternatively, you can use anonymous CVS access, though it is only synced with the main repository once a day.
Epylog is maintained by Konstantin Ryabitsev.
Epylog is © 2001-2005 by Duke University. Parsing modules are copyrighted separately -- please see the source code for each module for the copyright information.
This software is licensed under GNU GPL and comes without any warranty, written or implied. For more information about GNU GPL please see http://www.gnu.org/licenses/gpl.html. The modules are licensed separately -- please see the module source for terms and conditions.
Latest version is: 1.0.3: