Provided by: epylog_1.0.8-2_all

NAME

       epylog - Syslog new log notifier and parser.

SYNOPSIS

       epylog [-c epylog.conf] [-d LOGLEVEL] [--last PERIOD]
              [--store-offsets] [--quiet] [--cron]

DESCRIPTION

       Epylog  is  a  new  log  notifier  and  parser  which  runs periodically out of cron, looks at your logs,
       processes the entries in order to present them in a more comprehensive format, and then provides you with
       the  output.  It  is  written  specifically  with  large network clusters in mind where a lot of machines
       (around 50 and upwards) log to the same loghost using syslog or syslog-ng.

       Alternatively, Epylog can be invoked from the command line and provide a log report based  on  a  certain
       provided  time period. In this case it relies on syslog timestamps to find the offsets, as opposed to the
       end-of-log offsets stored during the last run, though this behavior is not  as  reliable  and  is  easily
       thwarted by skewed clocks.

OPTIONS

       -c config.file
              Provide an alternative config file to Epylog. By default, it will look in /etc/epylog/epylog.conf.

       -d LOGLEVEL
              Logging  level.  The default is 1. 0 will produce no output except for critical errors (useful for
              cron runs). 2 and above are debugging levels. 5 is the most verbose.

       --last PERIOD
              Will make a report on events that occurred in the last PERIOD. PERIOD can be either "hour", "day",
              "week",  "month",  or more granular: "1h", "2h", "3d", "2w", etc. When --last is specified, epylog
              will ignore the saved offsets and locate the entries by timestamps. CAUTION: this process  is  not
              to be trusted, since the timestamps are not checked for any validity when arriving at the loghost.
              One reporting machine with a skewed clock may confuse  Epylog  enough  to  miss  a  lot  of  valid
              entries.

       --store-offsets
              When  specified,  will store the offset of the last log entry processed in offsets.xml. During the
              cron runs epylog relies on the offset information to find out what new entries to process. This is
              more trustworthy than relying on timestamps. The default behavior is not to store the offsets, as
              this allows running epylog both from cron and manually without the two interfering with each other.
              The location of offsets.xml is specified in epylog.conf. See epylog.conf(5) for more details.

       --quiet
              In every way identical to -d 0.

       --cron This  is  essentially  --quiet  --store-offsets,  plus  a  lockfile will be created and consulted,
              preventing more than one instance of epylog from running. You can still run epylog manually -- the
              lockfile is only checked when running in --cron mode.

FEATURES

              The  core  of epylog is written in Python. It handles things like timestamp lookups, unwrapping of
              "last message repeated" lines, handling of rotated files, preparing and  publishing  the  reports,
              etc.

              The  modules  are pluggable and can be either "internal", written in Python, or external. External
              modules can be written in any language, but at a price of some  convenience.  For  more  info  see
              epylog-modules(5).

INITIAL RUN

              Depending  on  the  size  of  your  logs, you might want to initialize your offsets before letting
              epylog run from cron. When the offsets.xml file is missing, epylog will  by  default  process  the
              entire  log, and depending on your configuration, that can be a lot of entries. A good way to init
              epylog is to run:

              epylog --last day --store-offsets

FILES

       /etc/epylog/epylog.conf
       /usr/sbin/epylog
       /etc/cron.daily/epylog.cron
       /etc/epylog/*
       /var/lib/epylog/*
       /usr/share/epylog/modules/*

EXAMPLES

       A useful way to run from the command line is with --last, e.g.:

       epylog --last day
       epylog --last 2w

       When running from cron, you want to store the offsets and not rely on timestamps. There is  a  mode  that
       allows you to do this:

       epylog --cron
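
       Why offsets are preferred over timestamps, shown as an added example that is not part of epylog or of
       the original manual page: in the constructed loghost file below, node07's clock is two days behind.
       The binary search in since_timestamp is an assumed stand-in for a timestamp lookup, not epylog's own
       code, and all function names and log lines are made up for the illustration.

```python
import bisect
from datetime import datetime, timedelta

YEAR = 2024  # syslog timestamps carry no year; assumed for this sample

# Constructed loghost file, in arrival order. node07's clock is two days behind.
LOG = (
    b"Mar 10 08:00:01 node01 sshd[411]: Accepted publickey for admin\n"
    b"Mar 10 09:15:22 node02 sudo: admin : COMMAND=/bin/ls\n"
    b"Mar 10 12:01:10 node01 sshd[520]: Failed password for root\n"
    b"Mar  8 12:02:30 node07 sshd[97]: Failed password for root\n"
    b"Mar 10 12:05:03 node02 sshd[733]: Failed password for root\n"
    b"Mar 10 12:07:45 node01 sshd[811]: Failed password for root\n"
    b"Mar 10 12:09:12 node03 sudo: admin : COMMAND=/bin/su\n"
)

def stamp(line):
    """Parse the 15-character syslog timestamp at the start of a line."""
    return datetime.strptime(f"{YEAR} {line[:15]}", "%Y %b %d %H:%M:%S")

def since_timestamp(data, cutoff):
    """Binary-search for the first entry at or after cutoff, trusting order."""
    lines = data.decode().splitlines()
    start = bisect.bisect_left([stamp(ln) for ln in lines], cutoff)
    return lines[start:]

def since_offset(data, offset):
    """Return every entry written after a saved byte offset."""
    return data[offset:].decode().splitlines()

def backward_jumps(data, tolerance=timedelta(minutes=5)):
    """Hosts whose entries are stamped earlier than entries already received."""
    newest, hosts = datetime.min, set()
    for line in data.decode().splitlines():
        ts = stamp(line)
        if ts + tolerance < newest:  # older than something that arrived before it
            hosts.add(line.split()[3])
        newest = max(newest, ts)
    return hosts

if __name__ == "__main__":
    cutoff = datetime(YEAR, 3, 10, 12, 0, 0)
    offset = LOG.index(b"Mar 10 12:01:10")  # where the previous run stopped
    print(len(since_timestamp(LOG, cutoff)), "entries by timestamp")
    print(len(since_offset(LOG, offset)), "entries by offset")
    print("check clocks on:", sorted(backward_jumps(LOG)))
```

       The timestamp search lands after node07's entry and drops both it and a correctly stamped failed
       root login from node01, while the saved offset returns all five entries written since the last run.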

AUTHORS

       Konstantin Ryabitsev <icon@linux.duke.edu>

SEE ALSO

       epylog.conf(5) epylog-modules(5)