Ubuntu Manpage: epylog.conf - epylog configuration

NAME

       epylog.conf - epylog configuration

SYNOPSIS

       epylog config file is a simple plaintext file in win.ini style format.

Location

       Epylog will look in /etc/epylog/epylog.conf by default, but you can override that by passing -c switch on
       the command line.

[main]

       cfgdir This  is  where  epylog  should  look for other configuration information, most notably, modules.d
              directory. See epylog-modules(5) for more info.

       tmpdir Where to create temporary directories and put temporary files. Note that log files can  grow  VERY
              big  and epylog might create several copies of them for processing purposes. Make sure there is no
              danger of filling up that partition. A good place on a designated loghost is /var/tmp, since  that
              is usually a separate partition dedicated entirely for logs.

       vardir Where epylog should save its state data, namely the offsets.xml file. The sanest place for this is
              /var/lib/epylog.

       multimatch
              By  default,  if  a  line  is matched against a module, no other modules will be tried. This helps
              speed things up tremendously. However, you may have several modules that process  the  same  lines
              (although  this  is  not  a  very good setup). In that case you may set this to "yes". The default
              value is "no".

       threads
              How many processing threads to start. 50 is a good default value, but you may set it  to  less  or
              more, depending on your system.

[report]

       title  What  should  be  the title of the report. For mailed reports, this is the subject of the message.
              For the ones published on the web, this is the title of the page (as in <title></title>).

       template
              Which html template should be used for the final report. See the source of  the  default  template
              for the format used.

       include_unparsed
              Can  be  either  "yes" or "no". If "no" is specified, strings that didn't match any of the modules
              will not be appended to the report. Not very wise! A good setting is "yes".

       publishers
              Lists the publishers to use. The value is the name of the section where to look for the  publisher
              configuration. E.g.:
              publishers = nfspub
              will  look for a section called "[nfspub]" for publisher initialization. The name of the publisher
              has nothing to do with the method it uses for publishing. The fact  that  the  default  are  named
              [file] and [mail] is only a matter of convenience. List multiple values separated by a comma.

Mail Publisher

       method Method must be set to "mail" for this publisher to be considered a mail publisher.

       smtpserv
              Can  be  either  a hostname of an SMTP server to use, or the location of a sendmail binary. If the
              value starts with a "/" it will be considered a path. E.g. valid entries:
              smtpserv = mail.example.com
              smtpserv = /usr/sbin/sendmail -t

       mailto The list of email addresses where to mail the report. Separate multiple entries  by  a  comma.  If
              ommitted, "root@localhost" will be used.

       format Can  be  one of the following: html, plain, or both. If you use a mail client that doesn't support
              html mail, then you better use "plain" or "both", though you will miss out on visual  cueing  that
              epylog uses to notify of important events.

       lynx   This  is only useful if you use format other than "html". Epylog will use a lynx-compliant tool to
              transform HTML into plain text. The following browsers are known to work: lynx, elinks, w3m.

       include_rawlogs
              Whether to include the gzipped raw logs with the message. If set to "yes", it will attach the file
              with all processed logs with the message. If you use a file publisher  in  addition  to  the  mail
              publisher, this may be a tad too paranoid.

       rawlogs_limit
              If  the  size  of  rawlogs.gz  is more than this setting (in kilobytes), then raw logs will not be
              attached. Useful if you have a 50Mb log and check your mail over a slow uplink.

       gpg_encrypt
              Logs routinely contain sensitive information, so you may want  to  encrypt  the  email  report  to
              ensure  that  nobody can read it other than designated administrators. Set to "yes" to enable gpg-
              encryption of the mail report. You will need to install mygpgme (installed by default on all  yum-
              managed systems).

       gpg_keyringdir
              If  you  don't  want  to use the default keyring (usually /root/.gnupg), you can set up a separate
              keyring directory for epylog's use. E.g.:
              > mkdir -m 0700 /etc/epylog/gpg

       gpg_recipients
              List of PGP key id's to use when encrypting the report. The keys must be in the pubring  specified
              in  gpg_keyringdir.  If  this  option  is  omitted,  epylog  will encrypt to all keys found in the
              pubring. To add a public key to a keyring, you can use the following command.
              > gpg [--homedir=/etc/epylog/gpg] --import pubkey.gpg
              You can generate the pubkey.gpg file by running "gpg --export KEYID" on your workstation,  or  you
              can use "gpg --search" to import the public keys from the keyserver.

       gpg_signers
              To use the signing option, you will first need to generate a private key:
              > gpg [--homedir=/etc/epylog/gpg] --gen-key
              Create  a  sign-only  RSA  key  and leave the passphrase empty. You can then use "gpg --export" to
              export the key you have generated and import it on the workstation where you read mail.
              If gpg_signers is not set, the report will not be signed.

File Publisher

method Method must be set to "file" for this config to work as a file publisher.

path Where to place the directories with reports. A sensible location would be in /var/www/html/epylog.
Note that the reports may contain sensitive information, so make sure you place a .htaccess in
that directory and require a password, or limit by host.

dirmask, filemask
These are the masks to be used for the created directories and files. For format values look at
strftime documentation here: http://www.python.org/doc/current/lib/module-time.html

save_rawlogs
Whether to save the raw logs in a file in the same directory as the report. The default is off,
since you can easily look in the original log sources.

expire_in
A digit specifying the number of days after which the old directories should be removed. Default
is 7.

notify Optionally send notifications to these email addresses when new reports become available. Comment
out if no notification is desired. This is definitely redundant if you also use the mail
publisher.

smtpserv
Use this smtp server when sending notifications. Can be either a hostname or a path to sendmail.
Defaults to "/usr/sbin/sendmail -t".

pubroot
When generating a notification message, use this as publication root to make a link. E.g.:
pubroot = http://www.example.com/epylog
will make a link: http://www.example.com/epylog/dirname/filename.html

COMMENTS

       Lines starting with "#" will be considered commented out.

AUTHORS

       Konstantin Ryabitsev <icon@linux.duke.edu>