Provided by: epylog_1.0.8-1_all 
NAME
epylog.conf - epylog configuration
SYNOPSIS
epylog config file is a simple plaintext file in win.ini style format.
Location
Epylog will look in /etc/epylog/epylog.conf by default, but you can override that by
passing -c switch on the command line.
[main]
cfgdir This is where epylog should look for other configuration information, most notably,
modules.d directory. See epylog-modules(5) for more info.
tmpdir Where to create temporary directories and put temporary files. Note that log files
can grow VERY big and epylog might create several copies of them for processing
purposes. Make sure there is no danger of filling up that partition. A good place
on a designated loghost is /var/tmp, since that is usually a separate partition
dedicated entirely for logs.
vardir Where epylog should save its state data, namely the offsets.xml file. The sanest
place for this is /var/lib/epylog.
multimatch
By default, if a line is matched against a module, no other modules will be tried.
This helps speed things up tremendously. However, you may have several modules that
process the same lines (although this is not a very good setup). In that case you
may set this to "yes". The default value is "no".
threads
How many processing threads to start. 50 is a good default value, but you may set
it to less or more, depending on your system.
[report]
title What should be the title of the report. For mailed reports, this is the subject of
the message. For the ones published on the web, this is the title of the page (as
in <title></title>).
template
Which html template should be used for the final report. See the source of the
default template for the format used.
include_unparsed
Can be either "yes" or "no". If "no" is specified, strings that didn't match any of
the modules will not be appended to the report. Not very wise! A good setting is
"yes".
publishers
Lists the publishers to use. The value is the name of the section where to look for
the publisher configuration. E.g.:
publishers = nfspub
will look for a section called "[nfspub]" for publisher initialization. The name of
the publisher has nothing to do with the method it uses for publishing. The fact
that the default are named [file] and [mail] is only a matter of convenience. List
multiple values separated by a comma.
Mail Publisher
method Method must be set to "mail" for this publisher to be considered a mail publisher.
smtpserv
Can be either a hostname of an SMTP server to use, or the location of a sendmail
binary. If the value starts with a "/" it will be considered a path. E.g. valid
entries:
smtpserv = mail.example.com
smtpserv = /usr/sbin/sendmail -t
mailto The list of email addresses where to mail the report. Separate multiple entries by
a comma. If ommitted, "root@localhost" will be used.
format Can be one of the following: html, plain, or both. If you use a mail client that
doesn't support html mail, then you better use "plain" or "both", though you will
miss out on visual cueing that epylog uses to notify of important events.
lynx This is only useful if you use format other than "html". Epylog will use a lynx-
compliant tool to transform HTML into plain text. The following browsers are known
to work: lynx, elinks, w3m.
include_rawlogs
Whether to include the gzipped raw logs with the message. If set to "yes", it will
attach the file with all processed logs with the message. If you use a file
publisher in addition to the mail publisher, this may be a tad too paranoid.
rawlogs_limit
If the size of rawlogs.gz is more than this setting (in kilobytes), then raw logs
will not be attached. Useful if you have a 50Mb log and check your mail over a slow
uplink.
gpg_encrypt
Logs routinely contain sensitive information, so you may want to encrypt the email
report to ensure that nobody can read it other than designated administrators. Set
to "yes" to enable gpg-encryption of the mail report. You will need to install
mygpgme (installed by default on all yum-managed systems).
gpg_keyringdir
If you don't want to use the default keyring (usually /root/.gnupg), you can set up
a separate keyring directory for epylog's use. E.g.:
> mkdir -m 0700 /etc/epylog/gpg
gpg_recipients
List of PGP key id's to use when encrypting the report. The keys must be in the
pubring specified in gpg_keyringdir. If this option is omitted, epylog will encrypt
to all keys found in the pubring. To add a public key to a keyring, you can use the
following command.
> gpg [--homedir=/etc/epylog/gpg] --import pubkey.gpg
You can generate the pubkey.gpg file by running "gpg --export KEYID" on your
workstation, or you can use "gpg --search" to import the public keys from the
keyserver.
gpg_signers
To use the signing option, you will first need to generate a private key:
> gpg [--homedir=/etc/epylog/gpg] --gen-key
Create a sign-only RSA key and leave the passphrase empty. You can then use "gpg
--export" to export the key you have generated and import it on the workstation
where you read mail.
If gpg_signers is not set, the report will not be signed.
File Publisher
method Method must be set to "file" for this config to work as a file publisher.
path Where to place the directories with reports. A sensible location would be in
/var/www/html/epylog. Note that the reports may contain sensitive information, so
make sure you place a .htaccess in that directory and require a password, or limit
by host.
dirmask, filemask
These are the masks to be used for the created directories and files. For format
values look at strftime documentation here:
http://www.python.org/doc/current/lib/module-time.html
save_rawlogs
Whether to save the raw logs in a file in the same directory as the report. The
default is off, since you can easily look in the original log sources.
expire_in
A digit specifying the number of days after which the old directories should be
removed. Default is 7.
notify Optionally send notifications to these email addresses when new reports become
available. Comment out if no notification is desired. This is definitely redundant
if you also use the mail publisher.
smtpserv
Use this smtp server when sending notifications. Can be either a hostname or a path
to sendmail. Defaults to "/usr/sbin/sendmail -t".
pubroot
When generating a notification message, use this as publication root to make a
link. E.g.:
pubroot = http://www.example.com/epylog
will make a link: http://www.example.com/epylog/dirname/filename.html
COMMENTS
Lines starting with "#" will be considered commented out.
AUTHORS
Konstantin Ryabitsev <icon@linux.duke.edu>
SEE ALSO
epylog(3), epylog(8), epylog-modules(5)