logcheckd.cfg

NAME

SYNOPSIS

AVAILABILITY

DESCRIPTION

FILEFORMAT

The fileformat for the 'GENERAL OPTIONS' and the 'REPORT OPTIONS' is OPTION=VALUE

Between the OPTION, the = and the VALUE are no spaces.

You should not comment out any OPTION If you like to use default settings simply do not specify a VALUE.

For the 'LOGFILES OPTIONS', the fileformat is field ; field ; field ; field ; field ; field ; (ensure, that between the field and the separator ; are no spaces).

OPTIONS

GENERAL OPTIONS

USE_LEGACY_COMMAND

If this setting is set to True the logcheckd command is started, if it is set to False the new variant lgcheckd is started when invoking the logcheckd command.

Example: USE_LEGACY_COMMAND=False

Default: USE_LEGACY_COMMAND=True

LOG

Log output dir of logcheckd. If you specify a relative path name the path is relative to the root of the EDRC installation.

Example: LOG=/var/opt/ACME/log

Default: LOG=var/log

LOCKDIR

Lock dir of logcheckd. If you specify a relative path name the path is relative to the root of the EDRC installation. In General it is not recommended to set the lockdir within EDRC, locate it in a system own directory.

Example: LOCKDIR=/var/run/logcheckd

Default: LOCKDIR=var/lock

CHECK_INTERVAL

Interval of logcheckd in seconds.

Example: CHECK_INTERVAL=30

Default: CHECK_INTERVAL=10

ANALYSIS_SUSPENSION

If the free space in the COLLECTDIR is not sufficient to analyze a logfile (the available free space must be 1.5 times the size of the logfile to be analyzed), the logfile analysis of the logfile is suspended for the number of seconds specified in this setting. When the ANALYSIS_SUSPENSION is elapsed, the free space is checked again. The logfile analysis will be suspended as long as the free space is not sufficient. When sufficient space is made available, the logfile analysis is resumed automatically.

Example: ANALYSIS_SUSPENSION=600

Default: ANALYSIS_SUSPENSION=300

MIN_FREESPACE

Minimum free disk space in percent (%) in the filesystem where the COLLECTDIR and the REPORTDIR resides. This is the watermark that is considered when checking the free space and which causes a analysis suspension or a "insufficient free space" message when generating a report. Beside to avoid file system fill ups, this setting is used to avoid monitoring alerts when a certain filesystem fill up level is reached.

Example: MIN_FREESPACE=5

Default: MIN_FREESPACE=15

INIT_MODE

Mode on initial startup when a logfile has not been analyzed before. Set FromBeginning to analyze the logfile from the beginning, set FromEnd to analyze logfile beginning at the file end.

Example: INIT_MODE=FromBeginning

Default: INIT_MODE=FromEnd

REPORTDIR

Directory where the LOGCHECK reports are written to. If you specify a relative path name the path is relative to the root of the EDRC installation.

Example: REPORTDIR=/dat/report/ACME/logcheck

Default: REPORTDIR=var/logcheckd/report

CLEAN_REPORT

If this setting is set to True the report output file is removed after sending it.

Example: CLEAN_REPORT=True

Default: CLEAN_REPORT=False

COMPRESS_REPORTMAIL

If set to True the report is attached as a zipped file to the report mail.

Example: COMPRESS_REPORTMAIL=True

Default: COMPRESS_REPORTMAIL=False

COMPRESS_SUFFIX

Compressed attachment file suffix.

Example: COMPRESS_SUFFIX=.ACME.zip

Default: COMPRESS_SUFFIX=.zip

COMPANY

Company. This String will be added to the zipfile comment.

Example: COMPANY="ACME Information Business GmbH, Switzerland"

Default: COMPANY=""

REPORT_STYLE

Report style definition.

Example: REPORT_STYLE=WA2L.css

Default: REPORT_STYLE=WA2L.css

REPORT_NUMBER_START

First report number.

Example: REPORT_NUMBER_START=50000

Default: REPORT_NUMBER_START=10000

CLEAN_COLLECT

If this setting is set to True the report output file is removed after sending it.

Example: CLEAN_COLLECT=False

Default: CLEAN_COLLECT=True

COLLECTDIR

Directory where the log hits are collected to. If you specify a relative path name the path is relative to the root of the EDRC installation.

Example: COLLECTDIR=var/logcheckd/collect

Default: COLLECTDIR=var/logcheckd/collect

PATTERNDIR

Directory where the pattern files are saved. If you specify a relative path name the path is relative to the root of the EDRC installation.

Example: PATTERNDIR=var/logcheckd/pattern

Default: PATTERNDIR=var/logcheckd/pattern

CHECK_LEVELS

Check the listed levels only. This levels should to be defined in the pattern files to have an effect.

Example: CHECK_LEVELS=HIGH,MEDIUM,LOW,EXCLUDE

Default: CHECK_LEVELS=HIGH,MEDIUM,LOW

INTERFACECONFIGDIR

Directory where the interface configuration files are saved. If you specify a relative path name the path is relative to the root of the WA2L/edrc installation.

Example: INTERFACECONFIGDIR=var/logcheckd/iconfig

Default: INTERFACECONFIGDIR=var/logcheckd/iconfig

INTERFACES

Interfaces to be executed when a certain check level matches. The setting is a space separated list of entries in the format: <interface>:<LEVEL1>,<LEVEL2> .

Example: INTERFACES="mail:HIGH CAUnicenter:HIGH,MEDIUM"

Default: INTERFACES=""

ALERT_MAIL_TO

Recipient of the alert mail. Multiple recipients have to be specified as a comma separated list. If no ALERT_MAIL_TO is set, there is no alert mail sent on filesystem shortage and on resumption of log analysis.

Example: ALERT_MAIL_TO=fred.flintstone@acme.ch,support@acme.ch

Default: ALERT_MAIL_TO=""

ALERT_MAIL_SECTION

Section as displayed in the report mail subject line.

Example: ALERT_MAIL_SECTION="system alert"

Default: ALERT_MAIL_SECTION="system alert"

REPORT OPTIONS

REPORT_CUSTOMER

Customer.

Example: REPORT_CUSTOMER=`server_environment -C`

Default: REPORT_CUSTOMER=`server_environment -C`

REPORT_NAME

Name of the report.

Example: REPORT_NAME=LOGCHECK

Default: REPORT_NAME=LOGCHECK

REPORT_SECTION

Section as displayed in the report mail subject line.

Example: REPORT_SECTION=logcheck

Default: REPORT_SECTION=logcheck

REPORT_SERVER_ENVIRONMENT

Server environment where the report is generated.

Example: REPORT_SERVER_ENVIRONMENT=`server_environment`

Default: REPORT_SERVER_ENVIRONMENT=`server_environment`

REPORT_SERVER_ENVIRONMENT_DESCRIPTION

Server environment description where the report is generated.

Example: REPORT_SERVER_ENVIRONMENT_DESCRIPTION=`server_environment -d`

Default: REPORT_SERVER_ENVIRONMENT_DESCRIPTION=`server_environment -d`

REPORT_MAIL_FROM

Sender of the report mail.

Example: REPORT_MAIL_FROM=support@acme.ch

Default: REPORT_MAIL_FROM=${USER}@`hostname`

REPORT_MAIL_TO

Recipient of the report mail. If multiple recipients have to be specified as comma separated list.

Example: REPORT_MAIL_TO=fred.flintstone@acme.ch,support@acme.ch

Default: REPORT_MAIL_TO=""

REPORT_MAIL_CC

Carbon copy recipient of the report mail. If multiple recipients have to be specified as comma separated list.

Example: REPORT_MAIL_CC=donald.duck@acme.ch,daisy.duck@acme.ch

Default: REPORT_MAIL_CC=""

REPORT_MAIL_BCC

Blind carbon copy recipient of the report mail. If multiple recipients have to be specified as comma separated list.

Example: REPORT_MAIL_BCC=dagobert.duck@acme.ch

Default: REPORT_MAIL_BCC=""

REPORT_MAIL_CONFIRMATION_TO

Recipient of the confirmation mail.

Example: REPORT_MAIL_CONFIRMATION_TO=support@acme.ch

Default: REPORT_MAIL_CONFIRMATION_TO=""

LOGFILES OPTIONS

The format of the logfiles specification is:

resolve_mode ; patternfile ; res ; res ; res ; logfile ;

(ensure, that between the field and the separator ; are no spaces)

where the fields have the following content:

resolve_mode

how to resolve the filename:

eval

evaluate the filename dynamically. The variables $HOSTNAME, $TODAY, $YEAR, $MONTH and $DAY are allowed to be used in filenames in the eval mode.

dflt

take the filename precisely as specified

patternfile

pattern file. The pattern files are located in the var/logcheckd/pattern directory. If an operating system dependent pattern file with the name <patternfile>.<OSID> exists (e.g. Cron.Solaris ), this file will be used for logfile analysis, else the pattern file as specified (e.g. Cron ) will be used.

res

reserved for future use, leave it empty.

logfile

logfile to analyze. The logfile has to be specified with an absolute path name.

Example:

dflt;WA2Ledrc;;;;/opt/edrc/var/log/edrc.log;
dflt;All;;;;/etc/rc.log;
eval;MCSG;;;;/etc/cmcluster/*/*.cntl.log;
dflt;sudo;;;;/var/adm/sudo.log;
dflt;Samba;;;;/var/opt/samba/log.smbd;
dflt;syslog;;;;/var/adm/syslog/syslog.log;

FILES

var/samples/templates/logcheck.cfg

Template configuration file for logcheckd.

EXAMPLES

SEE ALSO

NOTES

BUGS

AUTHOR

COPYRIGHT

This is free software; see edrc/doc/COPYING for copying conditions. There is ABSOLUTELY NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.