lgcpattern

Package: WA2L/edrc 1.5.57
Section: Library Commands (3)
Updated: 01 March 2025

 

NAME

lgcpattern - check/verify a logcheckd and lgcheckd pattern file definition

 

SYNOPSIS

edrc/lib/lgcpattern [ -h ]

cat logfile | lgcpattern [ -s | -i ] patternfile

lgcpattern [ -s | -i ] patternfile < logfile

cat logfile | lgcpattern ( -p | -P )

lgcpattern ( -p | -P ) < logfile

 

AVAILABILITY

WA2L/edrc

 

DESCRIPTION

utility that helps to define a logcheckd.pattern(4) file.

 

OPTIONS

-h
print usage message.

-s
print match statistics for each pattern.

This output can be used to re-arrange the pattern sequence in the pattern file for best performance.

-i
print only the [IGNORED] log lines, that is, the lines that do not match any pattern.

-p
produce patterns from logfile stream to be used in patternfiles.

The leading time stamp is removed from the output, characters that are special in regular expressions are escaped, and numbers are replaced by corresponding regular expressions.

-P
as the -p option, but also print the commented (# ...) original log message line before the related pattern.

patternfile
pattern file name as present in the pattern file directory.

Please note that the pattern file name has to be specified including the operating system id (see osid(3)). This also makes it possible to check pattern files of operating systems other than the one currently logged on to.

logfile
log file stream to check the patternfile against.

 

ENVIRONMENT

-

 

EXIT STATUS

0
no error.

1
pattern file does not exist.

4
usage message printed.

 

FILES

edrc/var/logcheckd/pattern/
pattern file directory.

edrc/var/logcheckd/pattern/patternfile
pattern file to check/analyse/verify against a log file data stream.

 

EXAMPLES

1) Analyze parts of a log file

Use the last 10 lines of the /var/log/syslog log file and check it against the syslog.Linux-64 pattern file.

This shows which messages match the patternfile, for which messages no match exists (=[IGNORED]), and for which messages matching patterns are probably missing (=[VERIFY]).

  tail -10 /var/log/syslog | \
    lgcpattern syslog.Linux-64

2) Analyze pattern file definition

Use the last 10000 lines of the /var/log/syslog log file to verify the syslog.Linux-64 pattern file.

This shows statistics of message-match counts per pattern in the patternfile.

The result can be used to rearrange the pattern sequence to improve analysis efficiency.

  tail -10000 /var/log/syslog | \
    lgcpattern -s syslog.Linux-64

3) Generate patterns based on a log file

Use the last 10 lines of the /var/log/syslog log file to generate patterns for the log lines.

Each "patternized" line is preceded by the commented original message line to ease pattern definition.

  tail -10 /var/log/syslog | \
    lgcpattern -P

4) Generate unique patterns based on a log file

Use the last 10 lines of the /var/log/syslog log file to generate unique patterns for the log lines.

  tail -10 /var/log/syslog | \
    lgcpattern -p | sort -u

5) Generate patterns for un-categorized log entries

Use the last 500 lines of the /var/log/syslog log file to generate a list of unique patterns for the log lines that are currently not matched by any pattern of the pattern file syslog.Linux-64.

  tail -500 /var/log/syslog | \
    lgcpattern -i syslog.Linux-64 | \
    lgcpattern -p | sort -u
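
The transformation described for the -p option and the pipeline of example 5, sketched in plain shell as an added example (not lgcpattern's own code). The time stamp layout, the `[0-9]+` replacement, and the one-regex-per-line pattern file read by the hypothetical `unmatched` helper are assumptions; the real logcheckd.pattern(4) format is not shown on this page.

```shell
#!/bin/sh
# Added sketch, not lgcpattern's own code. Assumptions: syslog time stamp
# "Mon dd hh:mm:ss ", every digit run becomes [0-9]+, and a pattern file is
# one extended regex per line (the real formats may differ).

# Strip the time stamp, escape regex metacharacters, then generalize numbers.
# Escaping must run before the number step, or its brackets get escaped too.
patternize() {
  sed -E \
    -e 's/^[A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2} //' \
    -e 's/[][\\.^$*+?(){}|]/\\&/g' \
    -e 's/[0-9]+/[0-9]+/g'
}

# Print stdin lines that no regex in file $1 matches (hypothetical stand-in
# for -i). grep exits 1 when nothing is printed; that is not an error here.
unmatched() {
  grep -E -v -f "$1" || [ $? -eq 1 ]
}

# Return 0 only if every generated pattern matches the line it came from.
roundtrip_ok() {
  while IFS= read -r line; do
    pat=$(printf '%s\n' "$line" | patternize)
    printf '%s\n' "$line" | grep -E -q -e "$pat" || return 1
  done
}

# Constructed sample lines (not from a real system).
SAMPLE='Mar  1 22:02:10 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar  1 22:02:11 host1 CRON[987]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 22:02:12 host1 sshd[1240]: Failed password for root from 10.0.0.9 port 4022 ssh2'

# Unique patterns for the sample: the two sshd lines collapse into one.
demo() {
  printf '%s\n' "$SAMPLE" | patternize | sort -u
}

demo
```

In this sketch `host1` and `ssh2` are generalized as well, so a generated pattern can match more than the line it came from; review generated patterns before adding them to a pattern file.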

 

SEE ALSO

edrcintro(1), egrep(1), lgcheckd(1m), logcheckd(1m), logcheckd.pattern(4), osid(3), regexintro(4)

 

NOTES

-

 

BUGS

-

 

AUTHOR

lgcpattern was developed by Christian Walther. Send suggestions and bug reports to wa2l@users.sourceforge.net . 

 

COPYRIGHT

Copyright © 2024 Christian Walther

This is free software; see edrc/doc/COPYING for copying conditions. There is ABSOLUTELY NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


 
